For example, Apple set out to create a graphically-based computer, and the product line just sort of drizzled along for years, not quite dying but never taking off. Microsoft came along and repurpopsed a hardward platform build mostly for character-based computing into a GUI and kaboom, everything took off, including Apple’s eventual successor offerings. Or the Internet repurposing protocols meant to send academic papers back and forth into the worlds biggest shopping mall and peep theater.

None of these things can be secured very well because the basic systems are constantly being pressed into service supporting uses they were never designed to support. Whatever security subsystem might have been built into the original design won’t recognize the new use as legitimate and will try to block it, so the security subsystem gets turned off. Then of course a replacement security system that understands the new use is cobbled together to sit on top of everything, but since it wasn’t baked into the original design it is much easier to exploit than something organic to the system. Plus everything is evolving so fast nothing can really be properly testing in time to still be relevant…

Is just the guy I’m looking for to break a system. The guy who decides the security procedures are just a pain. That gives a “break” or a “crib” or some clue I can use to turn the noise into a useful message.

toad,

You might want to read a book on the crypto wars of WW2.

Body Guard of Lies

Then do deeper research.

#7….or deny medical coverage to prisoners on death row.

Some of them are innocent. In Illinois the number of innocent was significant. Case closed sounds much nicer than “we haven’t found the right guy”.

In addition the proliferation of wireless to reduce installation costs will come back to bite our factories. As a controls engineer I can preach all I want. The bean counters ain’t listening. There should be no internet protocols on airplanes. It should all be custom comms. protocols. Well I have no influence and the Internet is so trendy. But you know what? There is no guarantee your message will get through. And Ethernet is very high speed if singly loaded. Get many on a bus and your through put can go to zero. It is somewhat deterministic when lightly loaded totally non deterministic when the loading is heavy.

This is fixed where comms reliability is critical by assigning devices time slots.

1. Is the ability to get an abortion really a show of the power of the state? I would think that being forced to get an abortion a la China was more in that realm. Or the opposite of China where abortions are only available in a black market.

2. Is classical liberalism about individual rights or the right of groups to form polities? i.e. were our founders classical liberals or something more radical. Should the Declaration have stated: All Groups are created equal?

===

Security – absolute keeping of secrets is impossible. The best you can do is keep them for a time and slow their diffusion. And for those of you in the know – Shakespeare Storm. And no matter how good your crypto – sigint and procedural mistakes will compromise your secrets to a greater or lesser extent. People are very good at ferreting signals out of the noise.

Of course it is all a double edge sword. If you know you have been compromised and your opposition does not know that you know then you can use that to mislead. Double crosses, triple crosses, quadruple crosses, and on up the line until you are in a wilderness of mirrors. What does a man stand for?

Back in 1986 I was very briefly assigned a collateral duty as Information Security Officer for COMNAVSURFPAC (N-2), Intelligence. The accompanying Instruction helpfully suggested that all computers be disconnected from telephone lines and placed more than X number of feet from windows, walls or embedded power lines. See how easy it is to be secure?

I once made a “workplace instructional video” on how to secure a computer. It began with me unplugging the network cable, then using a dremel tool to cut off the wireless antenna, then a drill with a hole saw to cut a hole in the case, into which I poured cement.

The audience was my colleagues on the security team, the purpose being to show them how absurd the typical instructions for securty were. Not sure I really got through to many of them, but it was fun to make it!

The stat that jumped out at me though was that there were “44,000 reported incidents of malicious cyberactivity.” That is a laughably small number. In my experience most malicious incidents go unreported, especially when many of them are relatively small. For example, root cause analysis after a major attack often reveals a significant time period in advance of attack where you see probes of defenses and small test runs of the attack vector. These are often done to establish the thresholds for alerts/alarms, after which subsequent preparatory work is done under those thresholds of detection or alert.

The primary attack methodology that many security professionals are concerned with now are coordinated bot networks. These have special command and control networks (C&C) that are getting more sophisticated by the day, and the infection methods are extremely diverse and difficult to protect against. The attack that takes down some critical network component could be achieved by using your own botted computers to cause you to essentially attack yourself.

Of course, as the security community (especially on public networks) ramps up efforts to identify and tackle bots, there is increasing pressure to give up the use of such tools (one of the parts of ‘net neutrality’). Hopefully we don’t get into a situation where we give up a bunch of good technical tools due to some ideal of a crime-free network that doesn’t exist (or existed 20 years ago), leaving us without good defensive tools.