If anything, the collaborative model we use should _decrease_ trust,
except, well, unless you compare it to the other model -- corporate
software -- where they don't even start from any position of trust.
There you are trusting the money, here you are trusting people I've
-- Theo de
Karsten Nohl's assessment of dozens of car makes and models found weaknesses in the way immobilisers are integrated with the rest of the car's electronics.
The immobiliser unit should be connected securely to the vehicle's electronic engine control unit, using the car's internal data network. But these networks often use weaker encryption than the immobiliser itself, making them easier to crack.
What's more, one manufacturer was even found to use the vehicle ID number
as the supposedly secret key for this internal network. The VIN, a unique
serial number used to identify individual vehicles, is usually printed on
the car. "It doesn't get any weaker than that," Nohl says.
That's because IT security in 2020 will be less about protecting you from
traditional bad guys, and more about protecting corporate business models
from you. Deperimeterization assumes everyone is untrusted until proven
otherwise. Consumerization requires networks to assume all user devices are
untrustworthy until proven otherwise. Decentralization and deconcentration
won't work if you're able to hack the devices to run unauthorized software
or access unauthorized data. Deconsumerization won't be viable unless
you're unable to bypass the ads, or whatever the vendor uses to monetize
you. And depersonization requires the autonomous devices to be, well,
Our computers do so much now, they've become a liability. The only people
who know how to take advantage of all their functionality are the people
writing malicious code. Microsoft and every other OS builder have
established decent security, but the weak point is usually the user, who
clicks a page or opens an e-mail that they're not supposed to. Locks are no
good when you leave the front door open.
misses the boat
Also interesting is the discussion of the asymmetric nature of the
threat. A country like the United States, which is heavily dependent on the
Internet and information technology, is much more vulnerable to
cyber-attacks than a less-developed country like North Korea. This means
that a country like North Korea would benefit from a cyberwar exchange:
they'd inflict far more damage than they'd incur. This also means that, in
this hypothetical cyberwar, there would be pressure on the U.S. to move the
war to another theater: air and ground, for example. Definitely worth
reviews Cyber War
to post comments)