Slashdot Mirror


Starting an International Cybersecurity Conversation

crimeandpunishment writes "Every government in the world is dealing with cybercrime, but they're all doing it on their own. In the context of 'cyberwar' saber-rattling on all sides, getting governments to share information is a challenge. But an international security conference this week in Dallas is aimed at doing just that — even if only on an informal basis."

  1. Re:OpenBSD could eliminate "cybercrime". by YrWrstNtmr · · Score: 5, Insightful

    "Cybercrime" could be outright eliminated if OpenBSD was more widely used.

    You
    Are
    High

    Yes, OpenBSD is more secure than Windows/OSX.whatever. But a lot of 'cybercrime' happens as a result of userspace. Social engineering. Fraudulent emails. You will need to fix the users.

    Also, what do you do about the desktop? You can go on all you want about OpenOffice, etc, but a decade ago when Company X went with Office 97 or 2000...those alternatives did not exist. So now they have 10+ years of corporate crap and tribal knowledge built around the MS Office ecosystem, which cannot change quickly. No matter how much you want it to, it cannot/will not change easily.

    Technical problem? Ok, make [your fave distro] integrate as easily as Office/Exchange/Outlook/SharePoint. Not parts of it....all of it.

  2. I guess... who cares? by Moraelin · · Score: 4, Insightful

    All the talk about "cyberwar" is good and fine, but in the end it seems to me like it's already had a name: "security". In the end, there's very little difference between hardening a machine so Chinese government blackhats don't get in, and hardening it so script kiddie asshats don't get in. Unlike SF movies, there is no way to just type "retrieve password" on some terminal with big letters and get in a system that had no unpatched vulnerabilities to start with.

    In the end, a buffer overflow is a buffer overflow, and an XSS exploit is still an XSS exploit, and files accessible by guessing the URL are still files accessible by guessing the URL. And so on. If that exploit is, well, actually exploited by a Russian government blackhat it's "cyberwar", if the exact same exploit is used by an asshat kiddie, it's just being pwned.

    And it seems to me like security experts were already going to conferences and otherwise communicating with each other. Exactly what's the loss if they don't explicitly represent some government?

    --
    A polar bear is a cartesian bear after a coordinate transform.
  3. Imaginary problem by girlintraining · · Score: 3, Insightful

    Everybody's talking about cyberwarfare, but nobody's ever come up with an example of it. Identity theft? Viruses? Malware? That's not war. War involves people being hurt -- and I mean really hurt. Not skimming a few extra bucks off the till or organized crime, which is the closest any of this has come so far.

    Has anyone managed to shut off the internet? Disable emergency services (911) across the country (or even a state)? Have planes fallen out of the sky, power gone out, hospital computers taken down, or any other act that can be directly attributed to a malignant entity (as opposed to mere human error)? No. And it's not likely to happen anytime soon either.

    It's just not cost effective to spend tens of thousands of dollars finding and exploiting security weaknesses in those systems when a 5 gallon tank of diesel, fertilizer, and a match can take out those same systems for a lot less cost. Cyberwarfare between countries isn't likely to happen until other, cheaper methods of warfare somehow become ineffective. At best, cyberwarfare would consist of espionage efforts and manipulating data to advance certain political goals -- and countering that threat is currently handled by the intelligence community.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Imaginary problem by grcumb · · Score: 2, Insightful

      There's one concrete example of cyberwarfare.

      ... which was apparently detected and corrected.

      Er, yeah, those are the only ones they can talk about, because they're the only ones they want the public to know about. If a problem's been detected and the damage report isn't complete yet, or if a fix hasn't been fully implemented or even if the damage done was embarrassing... there's no way you'd want to tip your hand and let the attacker know your reaction.

      And so what if they knock out a small part of the grid for a few hours or days -- What damage does that actually cause? Unless it's part of a coordinated strike, it doesn't do much.

      Asked and answered. At the right moment, a power cut can be catastrophic. Perhaps military channels remain open, but if civilian channels are closed, it throws the environment into chaos, making a coordinated response to the civilian crisis vastly more difficult to manage. This ties up resources that could have been focused on defence or counter-attack.

      Disabling these services also denies the military the ability to fall back to using the civilian infrastructure in the event of excessive damage to its own capability. That's a great way to shorten the conflict. Why do you think the very first things to get hit during an attack are military and civilian communications and logistics?

      The ability to do so over the Internet, without any significant expenditure of personnel or materiel, must seem like a godsend to some.

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
  4. PEBKC by Agarax · · Score: 4, Insightful

    The problem exists between keyboard and chair.

    An OS is only as secure as the person who uses it.

    Anything else is fanboyism.

    --
    Remember folks, slashdot doesn't have a -1 "disagree" moderation!
    1. Re:PEBKC by DWRECK18 · · Score: 2, Insightful

      You're right that the "chair" in question is necessarily the one that the user is sitting in, however you make it sound as if the OP by Agarax is wrong when it's not. For as much as you harden a network and lock it down and secure everything those issues where some user looks at an e-mail and says sure I'll visit your BOA page and input all my information again because well you apparently need it, come on. I have worked on secure facilities where things were locked down tighter on the network than Fort Knox and yet still a user managed to get some form of malware on the network. It happens, unless you completely take away use of the internet from users which by the way I don't recommend as it makes for a very unhappy workplace. However, Antique Geekmeister you aren't wrong either as security through obscurity and just all around poor physical security and network security could also cause as much damage. So as we step back and look at this, we can't blame any single person because depending on what the vulnerability is that was exploited is truly what dictates where the problem started.