Rich Freeman on 30 Jan 2015 10:27:46 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Article on 'cyberwarfare'

On Fri, Jan 30, 2015 at 11:08 AM, Keith C. Perry
<> wrote:
> Once people accept that their security is their responsibility first then the best possible security structures can be built out from that.

That is only true because nobody else takes IT security seriously.

Imagine if you took that attitude towards home intrusion.  Suppose it
were common for people to use the best available equipment to break
into homes with little action by the police or military to prevent
this.  By best-available, I mean just that - the equipment available
to a first world military (even a small first-world country).  There
isn't a home in the US that would withstand such an attack, and if
there weren't much risk of getting caught there would be no reason for
burglars not to use such equipment.  To defeat such at attack would
require each homeowner to basically have a private military standing

When somebody hacks into your home PC, they're going to use the same
kinds of zero-day exploits and rootkits that many first-world
governments would use.  Sure, the average attacker isn't quite at the
level of sophistication as the USA or Chinese, but they're probably
right up there with a country like Italy or France.  The hackers
likely face almost no risk of prosecution, so they can operate from
sophisticated criminal organizations.

Is it really realistic to expect EVERYBODY who uses a computer to be
prepared to defeat such an attack?  The reality is that almost nobody
is, and so criminals break into computers at their leisure.  Companies
aren't going to elevate their security until attacks become so
pervasive that it becomes a requirement of doing business and they can
therefore successfully pass their costs onto their customers.  Until
then they'll just purchase insurance and let everybody change all
their credit card numbers three times a year.

We expect national governments to control their physical borders.  In
fact, a country that fails to do this is generally not recognized as a
country - this is almost the definition of sovereignty.  Why wouldn't
people expect their governments to provide a similar level of security

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --