#1
www.bbc.co.uk/news/magazine-17868789
An interesting piece, giving a general overview of where things are going.
__________________
once we only had ideals, today they are the only things we are missing
Microsoft MVP, 2006 - 2013/14
#2
I think the cyber-war threat is grossly exaggerated and I agree fully with Bruce Schneier on the topic. That's not to say that cyber crime is not a threat. It's not to say cyber espionage is not a threat. But these things are not "war" and are not usually done by nation-states.

There are examples of cyber attacks that were attributed to nation-states that we later found out were basically done by kids (the Comodo hack is one good example. Comodo came out and said it was a "very sophisticated" attack by Iran. Well, Moxie Marlinspike, a security researcher, investigated the hack. He found the same IP address that hit Comodo also downloaded sslstrip from his own website. He investigated further and found this guy was running Windows XP and was watching YouTube videos on "how to hack." So, basically, Comodo got pwned hard by an amateur in his basement). Another good example was HBGary, a security firm. Turns out it was Anonymous. This is not to say that Anonymous doesn't have talented members, but let's face it, they are basically kids playing politics. And we don't even know for sure whether the Estonia DDOS was done by Russia. As Schneier says, a DDOS in a military invasion doesn't make much sense. As he says, "It would be like Russia invading the US and having all their soldiers go jump in line in front of you at the Post Office." Also, as Schneier says, in order to defend against attacks you need to know who is hitting you and why. And the two things you don't know in a cyber attack are who is hitting you and why. As you can see, this makes attributing an attack to a nation-state very precarious.

EDIT: Read the article. It appears the emphasis is on SCADA systems. Yes, SCADA systems are insecure. Yes, they need work. My solution is to simply do away with them or put them on their own secure VPN that is *not* routed through the public internet. This would be much like NIPRnet or JWICS that the DoD uses. Why these systems are on the Internet in the first place is beyond me. Of course, just because they are on a VPN doesn't mean they can't be hacked, but it does mean some guy sitting in Iran can't hack a machine in the U.S. (he would need to physically travel here and then find a way onto the network). This would significantly decrease the attack surface and would be a good first step. Also, if hacking SCADA systems and bringing down the grid were so easy, it would have happened by now. The fact it hasn't happened means officials are, like always, greatly exaggerating the threat.

Last edited by chronomatic : May 2nd, 2012 at 01:29 PM.
#3
Links to three episodes on radio iPlayer, for those who can access. Heard some of it on World Service...worth a listen.
https://www.f-secure.com/weblog/archives/00002364.html
__________________
A man's pride shall bring him low: but honour shall uphold the humble in spirit: Proverbs 29,23. "Only the wasteful virtues earn the sun": William Butler Yeats, April 27, 1916.
#4
Thank you both for the links. None of the cases are new, but this is still an interesting recap of intrusions where states were more or less involved.
__________________
ESET Nod32 AV • Sandboxie • EMET • OpenDNS • My security setup in detail • Always remember you're unique, just like everyone else

Last edited by tomazyk : May 19th, 2012 at 07:07 AM.