zlacker

[parent] [thread] 4 comments
1. mrdoop+(OP)[view] [source] 2021-07-20 20:39:17
The whole approach of regulating on the level of "please don't exploit vulnerable systems" seems reactive to me. If the cats out of the bag on a vulnerability and it's just data to copy and proliferate - not much a government can do other than threaten with repercussions which only applies if you get caught.

The only tractable way to deal with cyber security is to implement systems that are secure by default. That means working on hard problems in cryptography, hardware, and operating systems.

replies(1): >>Animal+f3
2. Animal+f3[view] [source] 2021-07-20 20:55:31
>>mrdoop+(OP)
By the exact same logic, implementing physical security on the level of "please don't kill vulnerable people" would also be reactive. If the cat's out of the bag on a way to kill people, well, don't we need to implement humans that are unkillable in that way? That's going to mean working on some hard problems...

No. We don't operate that way, and we don't want to.

But for us to not operate that way in cyberspace, we need crackers (to use the officially approved term) to be at least as likely to be caught (and prosecuted) as murderers are. That's a hard problem that we should be working on.

(And, yes, we need to work on the other problems as well.)

replies(1): >>shkkmo+47
◧◩
3. shkkmo+47[view] [source] [discussion] 2021-07-20 21:13:57
>>Animal+f3
Despite the enforcement mechanisms against murders (which work less than 2/3s of the time), you see many places that implement preventive security measures to make killing people more difficult.

I think it is wholey reasonable to work on both preventive and punitive approaches. For online crimes, jurisdictional issues are major hurdles for the punitive approach.

replies(1): >>Animal+ji
◧◩◪
4. Animal+ji[view] [source] [discussion] 2021-07-20 22:27:13
>>shkkmo+47
> For online crimes, jurisdictional issues are major hurdles for the punitive approach.

Yeah. If you can catch people in your jurisdiction (without the problems of spoofing and false flags), then people are just going to attack you from outside your jurisdiction. You'd have to firewall your jurisdiction against outside attacks. (You might even be able to do that, by controlling every cable into the country. But then there's satellites...)

replies(1): >>roywig+tu
◧◩◪◨
5. roywig+tu[view] [source] [discussion] 2021-07-21 00:23:56
>>Animal+ji
the original tale of international cyber espionage was accomplished via a satellite link

https://en.wikipedia.org/wiki/The_Cuckoo%27s_Egg_(book)

[go to top]