more on cybersecurity neglected

[David Farber <dave () farber net>]

Begin forwarded message:

From: Johan Ovlinger <johan () ccs neu edu>
Date: October 18, 2004 7:49:23 PM EDT
To: dave () farber net
Cc: Ip <ip () v2 listbox com>
Subject: Re: [IP] more on cybersecurity neglected

David Farber wrote:
> Begin forwarded message:
> From: Rich Kulawiec <rsk () gsp org>
> And the chilling part is that it's only going to get worse: I find  
> myself
> wondering if there is an upper bound on the number of systems that will
> be compromised/hijacked other than the number of systems that *can* be
> compromised/hijacked.
> The fix?  There is no fix, at least not one that most people will  
> accept.
> ---Rsk

Bruce Schneier suggests (and I tend to agree) that the only way we'll 
see substantial improvements to computer security is when computer 
owners and software vendors become liable for havok wreaked with their 
computers.

He predicts a new form of insurance: security liability insurance. Just 
like it is cheaper to insure a car or house with a good security 
system, it would be cheaper to insure a computer running a secure 
operating system.

But you're right; this would require a degree of regulation of the 
internet that most users would find unappealing (*), and doesn't 
address the rest of the world (see the recent thread on broadband in 
korea).

(*) would it be legal to connect home-brew computers running free OS'es 
to the internet, or would only certain computers be allowed, like cars 
on our roads?  "Wow, that PC is fast! Is it internet legal?"

Johan

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/