Quiet, quiet, quiet...
Aug. 13th, 2001 03:20 am![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
alexpgpThe first half of the shift was pretty much dead, with only three exchanges with the Russian side. Olga is on console right now, and I'm in the back room in case there is a flurry of activity requiring a second interpreter.
You never know.
In my copious spare time outside of the MCC, I'm reading Hack Attacks Revealed, and between that book and Bruce Schneier's Secrets and Lies : Digital Security in a Networked World, which I was reading in Colorado just prior to coming down to Houston, I find myself thinking that the present situation vis-à-vis computer security is balanced on a very precarious edge, one that will seem wide, deep, and rock-solid just a few years from now.
Then again, perhaps my perspective is a bit skewed. Back when I was in junior high, I stumbled across one of my father's more unusual books, a forensic textbook on homicide investigation. It was a fascinating book, but as I turned the pages, I began to develop a sense of despair, coming to believe that homicide was an ubiquitous phenomenon.
Today, I feel almost the same way about computer and network security (perhaps "insecurity" would be a better word). Such security would seem to be an illusion, and the world that begins at that phone jack in the wall is occupied by significant numbers of people whose mission in cyberspace is to strip-search you, virtually, and possibly retain an item or two of what they find.
No. Actually, I feel worse. Murder is a serious crime, and despite the natural tendency of the media to sensationalize homicide, the enormity of the act itself tends to limit its occurrence.
The exploitation of weak computer security, on the other hand, carries no such baggage. For many, it's a lark, about as serious as spray-painting graffiti on a building, but with much less risk of getting caught.
Over the past few years, I've had computer systems compromised twice. (Which is to say, I am aware of two such instances, so the actual number may be higher.)
The first time, someone rooted my Linux box and proceeded to format my hard drive; the second time, someone quietly created a root-privileged account on my machine, for purposes I can only guess at.
Having strangers scan one's machine - the cyber equivalent of having someone stop by your front door and try the knob to see if the door is locked - is apparently a commonplace occurrence. There are tools out there that automate the process, effectively allowing the user to try a lot of doors in a short period of time. Moreover, when such people do find an door open, the consequences are generally unpleasant and can be serious.
Even more serious is the likelihood (and, in my opinion, inevitability) of a "public outcry" to have the government step in and "solve" the problem. The ringleaders of such an initiative will likely be those who abhor the seeming anarchic environment of the Internet (the news media, multinational entertainment conglomerates [oops, I repeat myself!], and their allies).
The result could be disastrous: A far-fetched scenario might involve serious (and draconian) infrastructure changes that would attempt to combat "unauthorized" behavior over networks; somewhat less fanciful is the establishment of regulations that would make it all but impossible for individuals (but not governments or corporations, natch) to retain anonymity. (Hmmm, this may not be all that far-fetched. I seem to be rehashing much of the content of the "Convention on Cybercrime," which I touched upon in a post last November, on Staying away from the tube....)
In such a world, the Internet would effectively be reduced to the level of television, not just only under the control of a Powerful Few, but bulked up with capabilities that, frankly, make marketers (and bureaucrats) drool.
Television on steroids, as it were.
[Where am I going with this? Beats me. I'm just free-wheeling with some notions, listening to the loops (all is quiet), and fighting a moderate case of oh-dark-thirty fatigue. Does it show?]
I need to go stretch my legs.
Cheers...
You never know.
In my copious spare time outside of the MCC, I'm reading Hack Attacks Revealed, and between that book and Bruce Schneier's Secrets and Lies : Digital Security in a Networked World, which I was reading in Colorado just prior to coming down to Houston, I find myself thinking that the present situation vis-à-vis computer security is balanced on a very precarious edge, one that will seem wide, deep, and rock-solid just a few years from now.
Then again, perhaps my perspective is a bit skewed. Back when I was in junior high, I stumbled across one of my father's more unusual books, a forensic textbook on homicide investigation. It was a fascinating book, but as I turned the pages, I began to develop a sense of despair, coming to believe that homicide was an ubiquitous phenomenon.
Today, I feel almost the same way about computer and network security (perhaps "insecurity" would be a better word). Such security would seem to be an illusion, and the world that begins at that phone jack in the wall is occupied by significant numbers of people whose mission in cyberspace is to strip-search you, virtually, and possibly retain an item or two of what they find.
No. Actually, I feel worse. Murder is a serious crime, and despite the natural tendency of the media to sensationalize homicide, the enormity of the act itself tends to limit its occurrence.
The exploitation of weak computer security, on the other hand, carries no such baggage. For many, it's a lark, about as serious as spray-painting graffiti on a building, but with much less risk of getting caught.
Over the past few years, I've had computer systems compromised twice. (Which is to say, I am aware of two such instances, so the actual number may be higher.)
The first time, someone rooted my Linux box and proceeded to format my hard drive; the second time, someone quietly created a root-privileged account on my machine, for purposes I can only guess at.
Having strangers scan one's machine - the cyber equivalent of having someone stop by your front door and try the knob to see if the door is locked - is apparently a commonplace occurrence. There are tools out there that automate the process, effectively allowing the user to try a lot of doors in a short period of time. Moreover, when such people do find an door open, the consequences are generally unpleasant and can be serious.
Even more serious is the likelihood (and, in my opinion, inevitability) of a "public outcry" to have the government step in and "solve" the problem. The ringleaders of such an initiative will likely be those who abhor the seeming anarchic environment of the Internet (the news media, multinational entertainment conglomerates [oops, I repeat myself!], and their allies).
The result could be disastrous: A far-fetched scenario might involve serious (and draconian) infrastructure changes that would attempt to combat "unauthorized" behavior over networks; somewhat less fanciful is the establishment of regulations that would make it all but impossible for individuals (but not governments or corporations, natch) to retain anonymity. (Hmmm, this may not be all that far-fetched. I seem to be rehashing much of the content of the "Convention on Cybercrime," which I touched upon in a post last November, on Staying away from the tube....)
In such a world, the Internet would effectively be reduced to the level of television, not just only under the control of a Powerful Few, but bulked up with capabilities that, frankly, make marketers (and bureaucrats) drool.
Television on steroids, as it were.
[Where am I going with this? Beats me. I'm just free-wheeling with some notions, listening to the loops (all is quiet), and fighting a moderate case of oh-dark-thirty fatigue. Does it show?]
I need to go stretch my legs.
Cheers...
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
"television on steroids"
Date: 2001-08-13 07:57 am (UTC)no subject
Date: 2001-08-13 08:26 am (UTC)The Ft. Knox approach...
Date: 2001-08-13 10:28 am (UTC)The problem, though, lies with not only having anything you offer be considered suspect by consumers, but having to consider what is offered to you to be suspect as well, unless it is backed up with strong authentication.
The idea of surfing anonymously at the corner Internet cafe won't wash under such a model, since strong authentication will be ubiquitous. I would imagine it will be easier to board and aircraft without a photo ID than to sit down and surf without properly identifying yourself.
Then again, the issue has little, if anything to do with wanting to behave surreptitiously. A desire for private matters to remain so should not be considered suspect from the get-go. The issue isn't having something to hide, it's wanting to keep things private (e.g., wanting to seal letters in envelopes in a world that wants everything written on postcards).
Cheers...
Re: The Ft. Knox approach...
Date: 2001-08-13 02:44 pm (UTC)no subject
Date: 2001-08-13 08:30 am (UTC)