
Archive for future

You’re not paranoid… enough


http://arstechnica.com/security/2015/02/superfish-doubles-down-says-https-busting-adware-poses-no-security-risk/

It’s almost a rite of passage.  You buy a shiny new computer (or tablet, or phone) and the very first thing you do (well, many of us anyway) is start killing bloatware.  Virus checkers, game suites, custom browsers that steer you to a very specific set of stores: you name it, someone has paid the fee to have it sitting right there on your desktop the first time you boot the machine.

But you don’t tend to think of these things as malicious.  Opportunistic?  Yes.  Annoying as all h*ll?  Absolutely.  Occasionally useful?  Okay, maybe.  And while just about everyone on the planet thinks it’s a P.I.T.A., not a lot of people seem to regard it as a threat.

Until now.

The issue, in this case, is not so much that the company in question is letting ads sneak in (that’s total crap, but not beyond the pale for the kinds of bloatware you find).  The real issue is how they do it.  To inject ads into pages served over HTTPS, the software installs its own root certificate on the machine and sits in the middle of every encrypted connection, decrypting it and re-signing it so the browser shows no warning.  That is bypassing the one check the browser was built to make.  A root certificate in your trust store that isn’t yours is a door: whoever holds that root’s private key can impersonate any HTTPS site to you, and a hacker with enough time and energy can exploit that (let’s face it, if there is a hole, they WILL find it.  Period.  It’s not an IF question, it’s a WHEN and what-color-HAT-are-they-wearing-today question).
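The practical check that follows from this is to look at what your own machine trusts. The script below is an added example, not code from the post or from the adware vendor it discusses; it uses only the Python standard library to list the self-signed roots in the OpenSSL/OS trust store that Python uses and flags any whose common name is not in a baseline you supply. The sample store, the “Adware Co Root” entry and the baseline set are all constructed for illustration and name no real certificate.

```python
import ssl

# Constructed sample, in the dict shape that ssl.SSLContext.get_ca_certs()
# returns for loaded CA certificates. Neither CA below is real.
SAMPLE_STORE = [
    {
        "subject": ((("organizationName", "Example Trust Services"),),
                    (("commonName", "Example Root CA"),)),
        "issuer": ((("organizationName", "Example Trust Services"),),
                   (("commonName", "Example Root CA"),)),
        "serialNumber": "01",
        "notAfter": "Jan  1 00:00:00 2035 GMT",
    },
    {
        # A self-signed root planted by a hypothetical ad-injecting program.
        "subject": ((("organizationName", "Adware Co"),),
                    (("commonName", "Adware Co Root"),)),
        "issuer": ((("organizationName", "Adware Co"),),
                   (("commonName", "Adware Co Root"),)),
        "serialNumber": "02",
        "notAfter": "Jan  1 00:00:00 2035 GMT",
    },
]

# Hypothetical baseline of root CNs you expect to see. In practice, snapshot
# a freshly installed machine or your distribution's ca-certificates list.
BASELINE_ROOTS = {"Example Root CA"}


def name_to_str(name):
    """Flatten an ssl-style name tuple into 'key=value, key=value'."""
    return ", ".join(f"{k}={v}" for rdn in name for k, v in rdn)


def common_name(cert):
    """Return the subject commonName of a get_ca_certs() dict, or None."""
    for rdn in cert.get("subject", ()):
        for k, v in rdn:
            if k == "commonName":
                return v
    return None


def is_self_signed(cert):
    # A root CA signs itself, so its subject and issuer names are identical.
    return cert.get("subject") == cert.get("issuer")


def unexpected_roots(ca_certs, baseline):
    """Self-signed roots whose CN is not in the baseline set."""
    return [c for c in ca_certs
            if is_self_signed(c) and common_name(c) not in baseline]


def system_roots():
    """Load the default trust store (OS store on Windows/macOS, OpenSSL
    paths on Linux) and return the CA certificates it holds."""
    ctx = ssl.create_default_context()
    ctx.load_default_certs()
    return ctx.get_ca_certs()


if __name__ == "__main__":
    for c in unexpected_roots(SAMPLE_STORE, BASELINE_ROOTS):
        print("sample store, unexpected root:", name_to_str(c["subject"]))
    # Live check: with the toy baseline this lists every trusted root, which
    # is itself a useful audit; replace BASELINE_ROOTS with a real snapshot
    # to see only what was added after the machine was set up.
    for c in unexpected_roots(system_roots(), BASELINE_ROOTS):
        print("system store:", name_to_str(c["subject"]))
```

This only inspects the store that OpenSSL (and so Python) trusts; a browser that keeps its own certificate database, such as Firefox with NSS, has to be checked separately. Matching on the common name is a convenience for reading the output; for a baseline you intend to enforce, key on the certificate’s fingerprint rather than its name, since a name is trivially copied.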


Cybercrime and Transparency


Image courtesy kaspersky.com

Obama Signs Executive Order Encouraging Private-Sector Companies To Share Cyber Security Information

Transparency is creeping ever closer.  I know people online bitch and moan about the lack thereof, but the truth of the matter seems to be that, inch by inch, policy by policy, transparency is seeping into our lives (whether we like it or not).  President Obama recently signed an executive order on the sharing of information between the government and private corporations, with an eye towards combating cybercrime in a more wholesale fashion, which (for a change) points the latest step in airing our undergarments at governmental/corporate collaboration rather than at the boundaries of personal liberties.

But is a monolithic front against cybercrime really the ideal solution?  Hackers (the really l33t ones, at least) seem to be individualists: they have target preferences and unique ways of looking at problems that might not be easy to defend against with a single data-crunching system.  A certain nimbleness is required, which is why the bounty system (where corporations pay programmers a bounty for each bug or hack that is reported and proven) seems to be as effective as it is, compared with engaging rooms full of people combing through the code.