Slashdot Mirror
How the Code War Has Replaced the Cold War
An anonymous reader writes "After years on the defensive, governments are building their own offensive capabilities to deliver digital attacks against their enemies. It's all part of a secret arms race, where countries spend billions of dollars to create stockpiles of digital weapons and zero-day flaws. But is this making us any safer, or putting us and the internet at risk? 'Estonia is a small state with a population of just 1.3 million. However, it has a highly-developed online infrastructure, having invested heavily in e-government services, digital ID cards, and online banking. ... The attacks on Estonia were a turning point, proving that a digital bombardment could be used not just to derail a company or a website, but to attack a country. Since then, many nations have been scrambling to improve their digital defenses -- and their digital weapons. While the attacks on Estonia used relatively simple tools against a small target, bigger weapons are being built to take on some of the mightiest of targets.'"
Since they seem destined to exist I hope that the cyber weapons being built have adequate safeguards against their misuse or accidental use.
Cyber warfare is worse than submarine warfare in terms of being able to identify an attacker. It provides the means for potentially anonymous devastating attacks. How will the world react to that?
Cyber arms control will be difficult to achieve, at best, maybe impossible.
Will a "Cyber Geneva Convention" be needed? No attacking hospitals, etc.?
How will organized crime and black hats fit into this framework? Will they be in the new era what pirates were in the 1700s - 1800s?
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
If cyber "war" has replaced nuclear war then that is an excellent trade. Even John Kerry was waxing nostalgic for the Cold War the other day. What a joke! Are people that dumb? Have we so quickly forgotten what it was like to face a REAL threat of annihilation and actual global destruction? I would take another 9/11 over another Cuban Missile Crisis any day of the week. Let alone some computer hacking.
... and let me tell you, if Cyber War replaces Cold War, they are winning this time...
If programs would be read like poetry, most programmers would be Vogons.
It isn't adopting new technology, it is doing so focusing being as cheap as possible in the short term, and damn the long run.
In reality, I see at least six things that, had it been implemented earlier, would have saved us a lot of issues:
1: The concept of tainted instructions and having anything a Web browser grab be viewed as potentially hostile. This means add-ons are restricted to a sub-context and only can get keyboard input if they have the focus (and they have to be clicked on to have that happen), and the OS the Web browser sits on not just isolate its processes in memory, but also the file system. This way, there isn't an undocumented API a compromised browser or add-on could use to expand its context.
2: Moronic things like the USB protocol where a disk drive can present itself as a keyboard. It would be nice to have specific USB ports where only drives can register in one set, keyboards in another set, and so on.
3: The almighty firewall as the answer to all remote hacking. This worked when hacks were incoming, but now with the primary means of attack holes in Web browsers, the focus needs to be on add-ons and the browser, then defense in depth.
4: Backups got set aside. It wasn't that long ago when every serious PC had a tape drive with it because hard disks died, and tape was cheap, and worked well. Now that people think they can back up to hard disks (note, none I know of are archival grade), it is a matter of course to lose data.
5: Trusting other people with security. When people stopped packing their own parachutes, the shit hit the fan. If one wants to store stuff with an offshore provider, great. Just encrypt the damn files before they leave the site.
6: Final one... no security specs or audits whatsoever except for the US Government's FISMA compliance that can have random audits happen. Only time an audit happens in a lot of private companies is after a breach happens.
7. Equating a running process with a user and assigning privilege accordingly - this is a massive fail. It was relevant back in the day when researchers logged on to shared systems and ran programs they had written themselves. It assumes a complete knowledge of the program to be run, which has not been the case for 30 years, but is still the standard level of trust.
I fail to see the problem with his choice of words, you find exploits and put them in an arsenal of attacks. Just because you count number of exploits and not numbers of guns it's still an accumulation of weapons set aside for future use in cyber-warfare. And of course it costs lots of money to maintain such an arsenal as old exploits are patched or the vulnerable software or hardware goes out of use, it doesn't have a shelf life like physical weapons but your capability degrades over time unless you supply it with new exploits not entirely unlike when your enemies upgrade their weapons capabilities making yours obsolete. At least it's no worse of an abuse than using "cyber warfare" for sending bits and bytes instead of bullets at each other.
Live today, because you never know what tomorrow brings
Instead of global thermonuclear war, we now have to worry about WoW going down. Seems like a good tradeoff to me.
Instead of WoW, worry about the national infrastructure. Imagine all the SCADA devices insecurely connected to the Internet going down more-or-less simultaneously. No electricity, natural gas, or water distribution systems, no sewage treatment, etc. After a few hours/days without electricity the backup systems would start dying, so no phones or Internet either.
So no WoW, as you pointed out. But that would be the least of our problems :)
This.
This isn't a war between Us and Them where we race to break each other's stuff.
This is a war between people who would like to use computers to build nifty stuff to make people's lives better, and people who would like to break other people's computers to advance their political agendas.