[tclug-list] PBS NewsHour on cybersecurity and cyberwar

Tue Aug 17 09:47:46 CDT 2010

I think it's fascinating.  Software complexity had exceeded our  
ability to manage it.  Sins of software makers have piled ontop each  
other and become part of the foundation.  And then there's just old  
fashioned mistakes.

Our software is swiss cheese.  Every time I pull a dozen 'security  
updates', I realize there were a dozen holes yesterday.  And there  
will be a dozen holes tomorrow.

When ssh/ssl had a hole a couple years ago that rendered it  
ineffective (200k possible keys), that alone meant almost everyone was  
vulnerable.  And it was caused by just a simple programming mistake.

I worked on FAA-certified aviation software for a bit, and that's an  
example of how you write software to be secure.  But it's also crazy  
expensive.  Each if-statement and for-loop has to have a test case.   
The tester is independant from the coder.

The big computer virus bot networks?  I doubt they are ran by a  
swedish tennager from his parents basement.  If an IT admin is  
challenged running a network with 100 desktops, all running the same  
software, then how many admins does it take to rum a decentralized  
network of 10,000,000 nodes in a hostile environment, using custom  
software, and across diverse platforms?

Considering the power of bot nets, if they aren't run by governments,  
or at least infiltrated by govts, then it is alsmost negligence.

The plus side:  Since robots are now being used in warfare, and  
carrying live ammo, I'm ok with software being imperfect.  That will  
be how we defeat skynet :)

Jeremy

Sent from my iPod.
...because my other device is a BB Storm.

On Aug 16, 2010, at 12:31 AM, Mike Miller <mbmiller+l at gmail.com> wrote:

> An 8-minute segment:
>
> http://www.pbs.org/newshour/bb/science/july-dec10/cybersec_08-10.html
>
> You can watch it or read the transcript.  What do you think?  I  
> think we
> have a problem that we can fix, but only if we take it seriously and  
> are
> willing to work on it.  I'm not sure that we're up to it right now.
>
> Mike
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list