The first rule of zero-days is no one talks about zero-days (so we’ll explain)

Discussion in 'privacy general' started by lotuseclat79, Oct 21, 2015.

  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined: Jun 16, 2005
    Posts: 5,096
  2. deBoetie

    deBoetie Registered Member

    Joined: Aug 7, 2013
    Posts: 1,149
    Location: UK
    I'd disagree with a quote in the article:
    "It's that they hold no real threat for the average business or citizen."
    When you read the evidence of the large-scale capability under Quantum Insert for example, where they are industrializing to hundreds of thousands if not worse, then they jolly well are threats to business or citizens. Industrial espionage is certainly a factor, attacks on sys admins in ISPs, financial institutions etc.
    It's true that they will go to great lengths to make the detection of malware introduced in this way (as per Regin), but they definitely ARE looking to mass-attack, not just mass-surveil. And I think this will be automated, e.g. if you use strong encryption, you'll be at higher risk. No warrant, no probable cause - that's the unlawful path that the LEAs are treading.
    Which makes sandboxing, virtualisation and containerisation all vital tools.
     
  3. lotuseclat79

    lotuseclat79 Registered Member

    Joined: Jun 16, 2005
    Posts: 5,096
    Hackers Make Cars Safer. Don’t Ban Them From Tinkering.

    -- Tom
     
  4. driekus

    driekus Registered Member

    Joined: Nov 30, 2014
    Posts: 489
    Now what percent of the population does this though :) Still leaves 99.99% of the population vulnerable.

    Making tinkering illegal really only serves the government. My guess is the three letter agencies are upset that security researchers keep exposing zero day exploits they are using.

    I am sure the car hacking rules were proposed by the car companies who pay for...... I mean donate heavily to political election campaigns. The population is served greatly by responsible security researchers. Recent car hacks were exposed responsibly (maybe except for the freeway engine shutdown). Public safety was advanced and it built strong awareness of the issues connecting cars to the internet.
     
  5. deBoetie

    deBoetie Registered Member

    Joined: Aug 7, 2013
    Posts: 1,149
    Location: UK
    Car control systems flat out shouldn't be connected to the internet at all. They should be air-gapped. Zero-days, known bugs, front doors or back-doors doesn't matter, there is no way of them being safe.
    That they are so speaks more to the power of lobbying as you say, rather than what's sensible technically or in the purchaser's interest. The day when you licence your car rather than buy it is coming ever closer.
     