Bruce Schneier says “Remember this: The math is good, but math has no agency. Code has agency, and the code has been subverted.”
What this means is that the theory behind something — in this case encryption using “hard” mathematics — may be very good, but the implementation can be full of “gotchas” — errors, omissions, faults — and that’s what will get you in the long term. He was specifically commenting on Edward Snowden’s revelations about the US National Security Agency and whether they can read all encrypted messages, but it can apply to many other software endeavors.
If you’re thinking of writing some software whose function is critical, and especially if lives depend on it, you have to be extremely careful with your implementation. And Open Source is a big plus because other eyes can look at your code and spot mistakes that you, as author, are likely to overlook.
So whatever you’re working on, be very, very careful with the implementation.
The government of the USA was constituted “to provide for the common defense” among other things. Unfortunately the line between public responsibility and private responsibility for defense in cyberspace could be rather blurry.
Clearly when there is warfare in the physical world the combatants are also likely to utilize cyber tactics of some sort, even if only for informational or propaganda purposes, but more likely as powerful tactics to take down their target’s ability to respond quickly or in a focused manner. Because governments aren’t really equipped to handle these types of attacks, which would include attacks against private infrastructure, not just government systems, they’d have to rely on private companies, individuals and groups — essentially private armies — to deflect or thwart any attack.
The public release of the document Shadows in the Cloud is important because this document contains some very important messages—stated very clearly—that haven’t really been said publicly before.
If you’re not a cyberspace expert and don’t care for geek talk, you may think it’s just another report on cyber espionage. But the messages are important for everyone. And my point is that they are very clearly explained!
Ron Deibert and Rafal Rohozinski, in their Foreword, point out that crime and espionage go together. Or that wherever one goes, the other is soon to follow.
They don’t say this directly—these are my words: Crime, espionage (and warfare) seep into the interstitial spaces of society and occupy any vacuum they find. And from there they can grow to occupy the whole of the space, like a mold, fungus, or rot.
What we are seeing in online attacks against free speech sites these days, particularly drive-by attacks, is that they do not seem to be politically or idealistically motivated; instead, they are opportunistic and (presumably) economically motivated, because they’re focused on injecting spambots and trojans, not on altering the message of the nonprofit web site.
See CyberSpark.net and click “drive-by” on that page.
In early June, I was in a nice rainy East Coast US city for meetings dealing with particularly thorny issues related to ways the Internet experience is being killed off for regular folks—and for institutions (NGOs) that are promoting free speech and human rights. Over a small breakfast, I sketched in my book some notes about the progression of malware over time. Basically paralleling the development I describe in my site The Social Graph of Malware, malware has gone from simple and juvenile defacement of web sites to become sophisticated and bandwidth-hogging socially-engineered schemes designed to get people to fall for a purchase they didn’t want to make, or just to click a link to enroll their computer in a network of zombies poised to conduct nasty attacks on other people.