| Rich Freeman on 30 Jan 2015 10:27:46 -0800 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] Article on 'cyberwarfare' |
On Fri, Jan 30, 2015 at 11:08 AM, Keith C. Perry <kperry@daotechnologies.com> wrote: > > Once people accept that their security is their responsibility first then the best possible security structures can be built out from that. That is only true because nobody else takes IT security seriously. Imagine if you took that attitude towards home intrusion. Suppose it were common for people to use the best available equipment to break into homes with little action by the police or military to prevent this. By best-available, I mean just that - the equipment available to a first world military (even a small first-world country). There isn't a home in the US that would withstand such an attack, and if there weren't much risk of getting caught there would be no reason for burglars not to use such equipment. To defeat such at attack would require each homeowner to basically have a private military standing guard. When somebody hacks into your home PC, they're going to use the same kinds of zero-day exploits and rootkits that many first-world governments would use. Sure, the average attacker isn't quite at the level of sophistication as the USA or Chinese, but they're probably right up there with a country like Italy or France. The hackers likely face almost no risk of prosecution, so they can operate from sophisticated criminal organizations. Is it really realistic to expect EVERYBODY who uses a computer to be prepared to defeat such an attack? The reality is that almost nobody is, and so criminals break into computers at their leisure. Companies aren't going to elevate their security until attacks become so pervasive that it becomes a requirement of doing business and they can therefore successfully pass their costs onto their customers. Until then they'll just purchase insurance and let everybody change all their credit card numbers three times a year. We expect national governments to control their physical borders. In fact, a country that fails to do this is generally not recognized as a country - this is almost the definition of sovereignty. Why wouldn't people expect their governments to provide a similar level of security online? -- Rich ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug