more on MS XP service pack will automatically download *and* install updates

[Dave Farber <dave () farber net>]

Here are my two Grand Challenges on Security (auto update is #2)


> Grand Challenge #1
>
> Background
>
> After 9/11 and the subsequent reorganizations of the federal
> organizations that resulted in, for example,  the DHS , there was
> required the "sharing" of intelligence information between sectors of
> the intelligence and law enforcement community at a scale that
> previously had never been contemplated. While this is considered
> necessary for national security, it raised a set of severe concerns
> dealing with the propagation of such information  into large
> communities where proper safeguards of use and audit ability
> isdifficult to implement and to enforce.
>
> Simultaneously, there was raised by many citizens, a concern for their
> privacy as personal information of various levels of quality is to be
> widely distributed to organizations both with in the federal arena and
> state law enforcement. They are also concerned as to the tendency to
> use this information for other>originally gathered for -- for example the use of the airline security
> lists for catching dead beat fathers etc with and without the consent
> of the citizens.
>
> Finally there is concern that  the data transferred between
> organizations may disclose sensitive information about the sources of
> the information and the methods used to gather it. However those
> pieces of information are critical to the metric of the believability
> and usability of the information. How to transmit a metric of the
> originators belief to a client organization is critical. Such
> approaches are not obvious.
>
> Grand Challenge #2
>
> As the latest virus and worm attack has shown, many computer users,
> both home and industrial, fail to keep their systems properly upgraded
> with the software fixes that are targeted to stop such
> vulnerabilities.. While the Windows systems is the "popular" target
> for such attacks and failures, other systems can and will suffer the
> same fate. It has been proposed that the software vendors be able to
> automatically access their customer systems to make sure that they are
> up-to-date. This raises a set of very difficult problems that range
> from the potential of a massive worldwide computer failure if a
> upgrade actually contains a problem that takes down a significant
> number of machines (as has happened in the past). Many of these
> machines may serve critical applications and thus cause serous
> national security problems. In addition there is the potential for
> hijacking of the upgrade mechanism  that would make many internal data
> accessible to an attacker. How to provide reliable computing, given we
> are 'stuck" with the current software/hardware systems is vital and
> non trivial.

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/