The Next Arms Race: Cyberweapons 125
Harperdog writes "Scott Kemp writes about the similarities between the nuclear arms race and the use of cyberweaponry for offensive purposes. As the article points out, offensive cyberwarfare leaves a nation's own citizenry vulnerable to attack as government agencies seek to keep weaknesses in operating systems (such as Windows) secret. Quoting: 'In the world of armaments, cyber weapons may require the fewest national resources to build. That is not to say that highly developed nations are not without their advantages during early stages. Countries like Israel and the United States may have more money and more talented hackers. Their software engineers may be more skilled and exhibit more creativity and critical thinking owing to better training and education. However, each new cyberattack becomes a template for other nations — or sub-national actors — looking for ideas.'"
or you could just... (Score:2, Insightful)
government agencies seek to keep weaknesses in operating systems (such as Windows) secret.
God forbid you simply keep these machines offline.
Nope, gotta keep them open for people to find and attack.
Re: (Score:2)
Well, you know that media tells you that you must be on line 24/7, and must use Facebook to be a person. They also tell you that you must use Windows right? At least the Windows rhetoric has slowed down a bit lately, but the hype to get people on Facebook is pretty massive.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Seriously...sometimes being a criminal over in the US is way too easy if people like that can become one.
Re: (Score:1)
Macs. Everyone must use Facebook, and own a Mac. Check out the number of Macs prominently displayed in the latest movies.
Re: (Score:2)
I thought it was MAC for the people of power or with money, but Windows for the rest of the world. I have to watch some TV I guess. On second thought.. nah, I'll take your word for it! Thanks for the catch!
Re: (Score:2)
Movies != TV.
Re: (Score:1)
Macs. Everyone must use Facebook, and own a Mac. Check out the number of Macs prominently displayed in the latest movies.
it's called product placement, the cigarette industry have been paying movies to show people smoking for 50 years.
Re:or you could just... (Score:5, Insightful)
The nuclear enrichment site at Natanz was kept offline. That didn't keep stuxnet out of there.
The problem with security in general is that no matter how many protections you put in place humans are still the weakest link. We will always make mistakes.
Re: (Score:3, Funny)
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
We need more destructive malware that wrecks unsecured systems, or USERS WILL NEVER CARE ABOUT SECURITY.
Immune responses are built be sustained attack.
Humans aren't wired to worry about vague threats of things they will never understand. They ARE wired to worry about their machines being bricked and the loss of data they will never back up.
No profit there. (Score:3)
Where's the profit for the cracker in a dead machine?
But if that machine can be turned into a zombie ... lots of money making opportunities.
Re: (Score:2)
We need more destructive malware that wrecks unsecured systems, or USERS WILL NEVER CARE ABOUT SECURITY.
Immune responses are built be sustained attack.
Humans aren't wired to worry about vague threats of things they will never understand. They ARE wired to worry about their machines being bricked and the loss of data they will never back up.
I have a better idea. First we need to set up a highly secretive network of death squads, then we start tasking the NSA, those CNET guys, the Kasparsky guys and the FBI with identifying and tracking infected users. Once we know where the people live we send in the death squads and murder them in horrific ways and blame the malware.
Or we can somehow make the malware spread HIV or bird flu or SARS.
Re:or you could just... (Score:5, Insightful)
I interpreted that statement differently: it's not that government agencies seek to keep weaknesses secret in order to avoid being attacked, it's that they want them secret so that they can use those weaknesses to attack others.
Re: (Score:3, Insightful)
Indeed. Were I in the military, I'd personally ensure that any computer connected to anything remotely important did not even have an Ethernet connector.
The sad part is, the military probably thinks we are joking when IT people tell them "No, really. Just don't connect anything important to the internet. It will be cracked, no matter what the security vendor / sales guy is telling you." It can be running the most harden variant of Unix you know of, with all sorts of security schemes; but if you put it on th
Re: (Score:2)
The entire computer 'security' industry that has sprouted up over night is headed by people who couldn't make it as network admins, but want the same rights and privileges. Whole corporations following the advice that is found on page 209 in most 'Welcome to {insert name} Operating Systems: An Administration Guide'
Right the IT Sec community would do better to hold a few less 'Cons' and a few more Conventions; perhaps put on shirt with buttons in traditional locations. It really is time to grow up. Its one of the reasons the C[EIT]O is not taking you seriously. Trouble is the 'network admins' are not doing much better most places. Until someone does convince the C[EIT]O the sky is falling those guys don't generally have the political muscle to do it right.
Users don't want to wait for the systems to be patched. Pr
Re: (Score:1)
Re: (Score:3)
And push out an update installing a govt operated backdoor to all Windows computers
That update can be disguised as some benign functionality
Similarly buy Canonical for Ubuntu and a few more major players
Https://en.wikipedia.org/wiki/NSAKEY
It's like cheap muskets! (Score:2)
The plus side is, that creating cyber attacks is very cheap. Learning the low level instructions is not so easy, but the advent of the internet makes things easy to find. Hell, I have never coded a graphics device in my life but I can find a great number of header files that know the calls.
In the US, this is going to be extremely difficult in a year. The new NSA supercomputers will be on line spying on everything being done. They will be able to track you pretty quickly. Outside of the US, tracking som
Not until someone dies. (Score:2)
The problem I have with the "cyber weapons" terminology is that they are weapons which do not kill anyone. Not that that is a bad thing.
But it places them more in the "vandalism" category rather than than the "weapon" category.
Now it may be technologically advanced vandalism delivered by double agents ... but it's still just vandalism.
The same as pouring sugar into gasoline tanks would be.
Re:Not until someone dies. (Score:5, Informative)
A weapon does not have to kill someone or indeed even be able to kill someone to be a weapon. The two definitions are "a thing designed or used for inflicting bodily harm or physical damage" and "a means of gaining an advantage or defending oneself in a conflict or contest." Cyberweapons fulfill both, except, of course, it's "cyber" damage, not physical (hence the name, which of course is stupid but effective).
What Anonymous does is effectively vandalism, yes. Stuxnet, however, was a weapon.
Sugar! The deadliest weapon! (Score:2)
Except that once you go down that route EVERYTHING becomes a "weapon" and the term "weapon" becomes meaningless (since it means everything).
And while "weapon" CAN mean something else, the term that more correctly describes that action is "vandalism".
Re: (Score:2)
Except when something like Stuxnet is deliberately designed to sabotage and damage a weapons development program, or a virus is designed to shut down the power grid. Some thought is required when assigning the term "weapon" to an object, just as with many nouns. LOIC? Not a weapon. As you say, that is vandalism. A virus that causes a reactor to explode? Weapon, not vandalism.
Flame and others are obviously subject to debate about whether they are actually "weapons" or not, especially since we have no idea w
"Assassination Weapon" (Score:1)
The nation in question also disabled some russian-made airdefence system in a bombing raid on enemy territory (to take out a suspected reactor) and the rumor m
Re: (Score:2)
Did you know that in courts, people have been convicted of using frying pans as weapons. We can add shoe laces, bricks, fishing line, and even spoons to that list. We have drones that fly by TV screen and people use Joysticks to launch weapons. In that case, computers and technology are very much weapons. As would be the radios providing the intelligence to find targets. Voices have been used as psychological weapons dating back to WW I, when we had loudspeakers on the front lines. The term weapon in
Re: (Score:2)
don't assume that cyber weapons can not inflict bodily harm or physical damage. They already have...many times over.
Re:Not until someone dies. (Score:5, Funny)
"Loose chips sink ships."
Re:Not until someone dies. (Score:5, Interesting)
The same as pouring sugar into gasoline tanks would be.
Your saboteur just "poured sugar" into the tank of every HMVV, jeep, tank, and vehicle on the eve of your invasion on the base nearest to your entry point. The defender is going to have a mighty hard time forming an effective defense with no mechanized infantry and armor. Even harder if the power grid and water pumps suddenly go down in a major city that necessitates the Army's assistance in supplying and policing the area (most countries armies double as disaster relief too). Oh, and factor in that the communication relays are suddenly transmitting garbage and white noise.
To add insult to injury, you now have the blueprints of their newest tanks, so even if they manage to clean out the turbines and get them running again, your gunners will know exactly where to shoot to take them out in one hit, and you know exactly how long their air superiority fighters can stay in the air, how high they can climb how fast, etc.
And for a final "Fuck you", your hackers broke into the enemy's central bank's network, along with a few other major banks in his country, and 'diverted' most of the country's funds, including all the foreign currency stockpiled on the central bank's accounts, to you a day or two after the first shot rang out, so the state as a whole is left penniless and unable to pay its army.
As a wise man once said, "Knowing is half the battle". Infrastructure is good 25% or more, so you're left with 25% at most that constitutes military might. Far fewer casualties on your side, and possibly fewer on the target side as well if the leaders recognize early on that they have lost the war before the first shot was fired (since they can't mount a proper defense due to the chaos and lack of funds). Cyberwarfare can certainly kill, but it need not do so, for the objective is to cripple the target so the army encounters less resistance.
Re:Not until someone dies. (Score:5, Funny)
Re: (Score:3)
And I need to re-read my Art of War if I attributed that to Sun Tzu...
Although I'm sure he said something to the same effect too.
Ok...but now you know... (Score:2)
..and knowing is half the battle!
Re: (Score:1)
Amazing summary. You left the part out about how you leave your enemy so paranoid they can't trust anything or one and the cost of doing business goes through the roof.
Someone has definitely read the Art of War and taken it to our level which is so cool, I welcome the 21 century, game on.
Re: (Score:2)
Ideally, there's no time for the enemy to become paranoid. Should everything go according to plan, and should the plan survive first encounter, a war like this would be a literal "They don't even know what hit 'em", and should be over in less than a week with an unconditional surrender.
Re: (Score:2)
That's not a given. What about a malware which causes a nuclear power plant to blow up? What about one which just opens all gates at a major dam, causing a flood downstream? Or more subtle, what if some malware in a hospital is used to kill people by making machines emit too much radiation, by making life-support machines to switch off themselves, or even simply by slightly manipulating the medication p
Re:Not until someone dies. (Score:4, Interesting)
The problem I have with the "cyber weapons" terminology is that they are weapons which do not kill anyone. Not that that is a bad thing.
They could be made to kill people. Your local hospital is probably still running WinNT/2k on a lot of their equipment. Think of all the trouble one could cause for a nation if you infected their hospitals. Talk about a terror attack...
Re: (Score:2)
Yes, but it's time consuming, and far too much effort for what it's worth.
Re: (Score:2)
Yes, but it's time consuming, and far too much effort for what it's worth.
Eh? Isn't that the definition of a government project?
Re: (Score:2)
*facepalms*
I agree with your assessment, but damn is that depressing to read at 4 AM.
Still the idea of bringing war to the internet is...well, you don't want to know what I think about it. Caricatures of Officer Farva (from Super Troopers, http://4.bp.blogspot.com/_a1Gr4UKmN6Y/S-nv_mdqNvI/AAAAAAAACTM/dQ0-RwCCau8/s1600/largefarva.png) come to mind when I think of the kinds of people training to be 'cyber-commandos.' The idea that they want to turn our playground into a battlefield...
Re: (Score:2)
Although I find the tendency to prefix "cyber" to everything a very tedious practice, consider that software flaws very well can be used to inflict physical damage--Stuxnet being the perfect example of that.
As computers take over more and more tasks, I think it's inevitable that a malicious individual will use a software flaw to cause the deaths of a significant number of people. I just think it's silly to call that sort of thing "cyberwarfare." It is sabotage, plain and simple. That it's done with code rat
Re:Not until someone dies. (Score:5, Interesting)
Military doctrine states very clearly that the best weapons do not kill people at all. The best weapons will cause damage that takes people off line, so that your killers have less targets to deal with. This is why your first targets in a war are the command and control centers, radio towers, and major transit routes. The first targets are never a "Kill". This is also why the 5.56mm round is designed to wound, not kill (by no means does this mean that the round does not kill, however the size and shape are designed to do do damage without killing. If we intended to kill the round would be much larger and heavier).
In the case of espionage, this is much more complex. Gaining information on movements and targets, locations of C&C, and lastly impersonation. How many of those statements released by Egypt's leaders, or Libya's leaders were really from them? That last game is played much more often than you would guess.
Re:Not until someone dies. (Score:5, Interesting)
Likewise, vulnerabilities have been found on devices connected to CAN (Car Area Networks) were attackers could over the cellular link to the car (via something like on-star) do things like disable the air bags, engage the cruise control, etc.
Imagine the mayhem a terrorist group could cause if say they took an ultra small device and buried next to the road that randomly would insert malware into peoples cars as they drove by that after some random number of miles, locked the doors, disabled the brakes and air bags and then set the cruise control to 100mph.
[http://isutech.wordpress.com/2012/03/11/all-your-devices-can-be-hacked-2/]
Re: (Score:2)
A weapon is something that can be used to assault or injure someone (or destroy or damage material). Its lethality is tangental. Can be a rolled up newspaper or a computer virus attacking life supporting equipment in a ho
Re: (Score:2)
Indeed, but human beings typically assign priorities to the ability of a weapon to deal damage.
Let me explain:
Nuclear / Chemical / Biological weapons score a 10 / 10.
Your average military fighter / bomber / tank...gets a 7 / 10.
Your average gun, a 5 / 10.
Your average knife, a 3/ 10.
Your average computer virus, maybe a 0.5 / 10.
The whip gets a 1 / 10.
Re: (Score:2)
Hmm. "Cyber weapons," specially designed, might be able to kill people, but only as a side effect. It all comes down to what the system is connected to, and you need to get the 'enemy' to connect an internet enabled computer to it first.
Of course, there are other methods, but it's easier to usually do it without resorting to 'cyber' weaponry.
If I want to kill a regiment of soldiers, do I
a.) hack into a satellite, plot a trajectory that would give a super-computer a head-ache, and drop it on them? or
b.) dig
Re: (Score:1)
Being able to just pour sugar into gasoline tanks would actually be a pretty sweet capability... yeah, you could even say that explosives are used mostly against armoured targets because the gasoline tanks can't be reached, and you can't get close enough to screw a lid on the barrel of the gun etc. If you could just stop stuff from moving and firing, why bomb to bits what you could keep for intelligence and spare parts?
Besides, if you take down the enemy network, you end up with soldiers you can see, who ca
Re: (Score:2)
So that would be no vandalism at all [snopes.com] then...
Re: (Score:2)
The problem I have with the "cyber weapons" terminology is that they are weapons which do not kill anyone. Not that that is a bad thing.
Try going without the power grid for a week across the country, especially during the winter, and see who dies.
Shut down the transportation infrastructure, for instance by disabling the fuel supply infrastructure, and see who dies. Grocery stores have, at best, enough food for 3-4 days before they're out.
Shut down the public water utilities, esp if you shut down the p
The nuclear arms race wasn't that bad . . . (Score:3, Insightful)
. . . because both sides were scared enough not to even think about using them. Just a few isolated tests here and there in underground isolated places. No, or very limited, collateral damage.
With the Cyberweapons arms race, it seems to be like the wild west. Cyberweapons are being deployed and tested everywhere, and affecting innocent bystanders. Imagine having nukes tested in your backyard. Or Cyberweapons tested live on your Internet.
Re:The nuclear arms race wasn't that bad . . . (Score:5, Interesting)
The difference is that cyberweapons inherently exploit fixable weaknesses in existing infrastructure (assuming the government isn't just inserting backdoors, which they may be doing, but they are also doing much more). The more widely they are used, the greater the pressure to fix those weaknesses and implement better security practices. Given that criminals are going to use those weaknesses even if every single government stops, that means they have fewer and fewer exploits and avenues to exploit, which is good for everyone.
It's more like a rat infestation than nuke testing. Sure, it's annoying, but the more of the bastards you get, the faster you can patch all the holes they are coming through (and the more rat poison to stop the stragglers).
Re: (Score:2)
A government spends years of research and lots of money to develop a malware. They deploy it and it causes the damage they were hoping for. The problem is, unless the malware is very specific, the target can now copy it and shoot it back at them. Which is why the "cyber arms race" is not like the nuclear arms race, but more like the gas weapon arms race in WW1: if you deploy your weapon before developing sufficient protection against it, you will hurt yourself just as much as you hurt the enemy. So if the
Public Policy (Score:5, Interesting)
Governments want to keep vulnerabilities secret so they can hit the enemy, but the enemy has the same equipment and setup as ours. If you increase resistance to attacks locally, the same happens remotely.
So the decision to be made is, what's more important: Our offensive capability, or our defensive capability? It's a zero sum equation, but with a twist: Every offensive action creates a corresponding signature which can be used to increase defense against that action next time. Effective surveillance increases the chance of detection and remediation. So the tipping point is the ratio of exploitable vulnerabilities (think of this as army size) each party possesses. If you have more than your enemy by a considerable margin, your enemy is unlikely to attack. Conversely, if you don't have sufficient resources to discover and refine vulnerabilities and the intelligence capabilities to know where to use them (and when), your best response is to form alliances with others, so that when a vulnerability is used on their infrastructure, they share their surveillance with all parties; thus creating a force multiplier in favor of defense.
I guess my point is that the problem can be framed using conventional military tactics, rules of engagement, etc.; But I would hesitate to equate it to military action. Otherwise you wind up in a legal quagmire: That would be turning that guy who keeps trying to run Reaver against my router to hack his way onto my network into an enemy combatant or a private citizen into an arms dealer for having a copy of TrueCrypt.
Re: (Score:3)
That's a rather good analogy, but with a significant flaw: states know the size of other armies almost exactly (satellite imagery allows them to discern the housing capacities of bases, and lets them detect aircraft, armor, navy, etc. from orbit, or at least a close approximation of their number, and possibly even type, armaments, defenses, etc. Plus, much of that information is public or obtainable, since it's private corporations that manufacture these units), while the number and type of exploitable vuln
Re: (Score:2)
That's a rather good analogy, but with a significant flaw: states know the size of other armies almost exactly...
It wasn't always that way. It's not like satellites have been around since war was invented. Just because the technology and methodology has changed doesn't mean that principles behind control of terrain, force multipliers, offense versus defense, etc., are any less valid.
I'd say that cyberwarfare is a sort of 'supplementary warfare', designed to shorten a war and lessen casualties by causing enough confusion and chaos that the enemy can't mount an effective defense and is forced to surrender.
If you are able to spread a virus that attacks critical infrastructure like the electric grid, water supply, hospitals, etc., you can unbalance the civilian population, which means fewer resources can be devoted to a military response --
Re: (Score:2)
I'd say that cyberwarfare is a sort of 'supplementary warfare', designed to shorten a war and lessen casualties by causing enough confusion and chaos that the enemy can't mount an effective defense and is forced to surrender.
If you are able to spread a virus that attacks critical infrastructure like the electric grid, water supply, hospitals, etc., you can unbalance the civilian population, which means fewer resources can be devoted to a military response -- it's a lot harder to maintain an army when your own population is starving, in the dark, or cannot receive medical treatment. I wouldn't say it's as "supplementary" as nuclear weapons. Sure, you might not let one off the chain everytime there's a problem, but having the capability constrains the number of options the enemy has.
That's exactly what I meant by supplementary: it doesn't (usually) kill on its own, it just weakens the enemy force, hopefully enough to force a surrender.
That's a rather good analogy, but with a significant flaw: states know the size of other armies almost exactly...
It wasn't always that way. It's not like satellites have been around since war was invented. Just because the technology and methodology has changed doesn't mean that principles behind control of terrain, force multipliers, offense versus defense, etc., are any less valid.
True, war was not always an almost-fully informed game. However, while some of the tactics and strategies discussed by Sun Tzu are still valid, most have been superseded: terrain is no longer a constraint when you can air-lift your troops into position and conduct air strikes and bombardment over strategic ranges, the traditional maxim of "Defenders are a
"Free Game" (Score:1)
Re: (Score:2)
I'm not saying that!
What I'm saying is that since terrorists don't count as combatants, they are not subject to the provisions of the Geneva Convention, and therefore, soldiers have who encounter one have no obligation whatsoever to spare his life, like they do with regular enemy combatants. Even civil uprisings and irregular combatants are afforded more protection given that they fulfill the required criteria (relaxed version of the regular combatants' criteria).
More like biological weapons than nuclear, I think (Score:5, Insightful)
I'd say this is a bit more like biological weapons, and less like nuclear - more likely to spread, more likely that a single individual or small group can successfully develop and deploy them, some chance that once deployed, it will come back to attack its creator-state, because you can't be completely sure you can control it. (That is to say, once a given nuclear device is detonated, it's gone and can't attack again, but biological can cyber weapons can be harvested, tweaked, and re-deployed against you).
template? not necessarily... (Score:1)
When you drop a nuclear bomb on an enemy, is there a warhead left to analyze? Exactly. That's how cyberweaponry should be designed...one time use only, and it destroys itself, whether it's successful or not. Not only does that keep the enemy guessing, but it also keeps the minds behind the attacks active and creative.
Re: (Score:1)
Actually, there is enough left to analyze. The decay products can tell you a lot about the material in the warhead. Arguably, enough to identify not only the nation state, but possibly even
In The Real World (Score:1)
Re: (Score:3)
When you drop a nuclear bomb on an enemy, is there a warhead left to analyze? Exactly. That's how cyberweaponry should be designed...one time use only, and it destroys itself, whether it's successful or not. Not only does that keep the enemy guessing, but it also keeps the minds behind the attacks active and creative.
Cyberweapons come in two main flavors: code that runs internally on the target system (malware such as Stuxnet, Flame, Duku, etc.) and attacks that are run external to the target (Distributed Denial of Service DDoS attacks from tools such as LOIC, disabling the routers that serve the target, disrupting their DNS, etc.) External weapons remain safely out of the hands of the target. The only thing the target gets is the SYN packets, or the RST packets, or a dead router. An analogy would be that nothing in
Don't Forget (Score:1)
Or, inject a virus directly into a sigint system, because by definition that system is listening promiscuously for other people's data streams.
Inject malware by a laser triggering some sensor's automatic gain control rapidly, triggering a buffer overflow.
Basically, the sky is the limit when it comes to hacking modern weaponry, as
Uhhh Redundant story (Score:1)
I have been hearing about the next war about cyber weapons for several years. Seems the same old tricks keeps geting them time and time again.
Cyberwarfare leads NOWHERE.. (Score:2)
Re: (Score:1)
Re: (Score:2)
And this is different from conventional war...how?
nobody gets hurt?
Re: (Score:2)
That's not the point of cyberwarfare. When done correctly, you attack with conventional forces while their systems lock up and crumble, and strike into the chaos for a quick win.
Re: (Score:2)
Ok slashdot, I'll bite... (Score:1)
Obligatory (Score:2)
President is open to impeachment/arrest/jail? (Score:2)
I'll keep it short & simple:
Re: (Score:2)
terrible cybernews (Score:4, Funny)
One more crippling cybershell hit the already beleaguered cyberdefense community when CyberIDC confirmed that cyberwarfare rates have risen yet again, now up to more than 100 percent of all servers. Coming on the heels of a recent Cybercraft survey which plainly states that cyberdefense has lost more cyberbattles, this news serves to reinforce what we've known all along. Cyberdefense is collapsing in complete cyberchaos.
YOu mean (Score:1)
good (Score:2)
Cyber-Attack Will Be The New Poison-Gas (Score:1)
Cyber Attacks cannot be controlled once released the same way poison gas could not be controlled once released. As any idiot could foresee, and as has already been demonstrated in the first "International Warfare" "deployments". Like poison gas cyber-weapons go whichever way the wind blows, linger in low areas, in still pockets and under inversions. Their remnants continue to wreak havoc on the more sensitive, as "dispersed" gas did the pigeons used in WWI to carry messages. And, like mustard gas, and D
Improper Generalization (Score:1)
Just because there exists malware which will attack anything it is compatible to, does not mean much. You could very well write malware which would attack only computers with a very small set of IP addresses, with a very specific config, in a very specific subnet or DNS domain. Your argument is the same as the pope lamenting the use of longbows. "distance weapons are dehumanizing like nothing before. The bad guy with the horns on the head must have created
Just one question I have (Score:1)
I don't care about their arms race.
I just want to know:
is nmap and wireshark protected by the second amendment?
Let's face it... (Score:1)
* = read 'unscrupulous bastards'
Cyberweaponry? Cyberwarfare? (Score:1)
Geez, it's like something out of Doctor Who.... ... ...Oh wait. Cool!!! How long before we have actual Cybermen fighting our wars, stomping around yelling "DELETE, DELETE!"?
US Cyberwar is a Blazing Saddles tactic.. (Score:2)
Our (that is, the US's) Cyberweapons threaten ourself more than any other target. We are the most dependent on the internet We have the most to lose. We wave these weapons of self-mutilation around in the hopes that our intimidated foes will not force us to destroy ourself.
What could go wrong?
ALL Praise Iro
Hmmm, What can you lose ? (Score:1)
Well... that does it. (Score:2)
I'm going to have to write an OS, based on capability based security. Even if it sucks, it'll be the only thing left running after skynet becomes self aware, infects everything, then gets paranoid, then kills itself in a case of mistaken identity. (Total time, 4 hours, 9 minutes, 2.3 seconds)
Some pointers (Score:1)
Re: (Score:1)
I don't know. (Score:1)
Re: (Score:1)
Defensive Technologies (Score:1)
Formal Verification. Proof your code correct. Works on small pieces of code
Sandboxing. Google Chrome is doing it conceptually very well and could be applied to many more systems
Behavioural Analysis at network chokepoints such as firewalls and fileservers. Malware will be challenged to make its extraction and C&C traffic look like legitimate traffic. Requires competent analysts who actua
Re: (Score:2)
This is exactly accurate.
"cyber" claims are purely hype and designed to turn a profit about something that isn't even a real threat. May as well say "cyber epsionage" is some magic new threat as if you know, espionage had never existed before it went cyber.
You Don't know the MIC (Score:1)
Re: (Score:2)
My sentiments exactly. Cyber-BS is the new red, apparently. At least it makes identifying the nonsense-stories easier.
Re: (Score:2)
Wow, -1? I was thinking exactly the same thing, but you beat me to posting. Parent should have been +5 informative
Seconded, and with the cajones to say so without going AC.
Granted, OP could have gone about it much more elegantly, but I think they got the point across.
Re: (Score:2)
Or how about asking how many people would consciously and knowingly allow code to run on their PC (unobtrusively in the background, of course) that would disrupt or cause harm to their perceived enemies. Lots and lots, I bet.
LOIC [sourceforge.net], for the play-at-home version. And "lots and lots" would be a fairly accurate estimate.
Re: (Score:2)
I am laughing (Score:1)
You Have Been Raised On Freedom Fries ? (Score:1)