[IP] Re: NYT article on the (ever-more-sophitsticated) bot wars

[David Farber <dave@farber.net>]

Begin forwarded message:

From: Tony Lauck <tlauck@madriver.com>
Date: December 9, 2008 12:07:25 PM EST
To: dave@farber.net
Subject: Re: [IP] Re:   NYT article on the (ever-more-sophitsticated)  
bot wars

There is an simple legal change that could be made that would lead to  
an improved cybersecurity situation:

1.  Owners of networked computers would be held legally responsible  
for all activities performed by their computers, including those  
caused by viruses and BOTs. They would be responsible if their  
computers sent information that caused harm. They would also be  
responsible if their computers took local action on the basis of bogus  
information that they received. They would be responsible, period.

2.  Computer software and hardware vendors would not be able to  
disclaim liability for security bugs. They would share responsibility  
with their customers for the effects of these bugs.

Eventually, laws like these are going be passed, just as laws require  
swimming pools to be secured with locked gates and fences.  It may be  
a bit early for such draconian simplicity, but it would be a good idea  
for the industry to think about what they would do were such laws to  
pass.

Tony Lauck
https://www.aglauck.com



David Farber wrote:
> I agree djf
> Begin forwarded message:
> From: Tom Van Vleck <thvv-post@multicians.org>
> Date: December 8, 2008 2:06:47 PM EST
> To: dave@farber.net
> Subject: Re: [IP] NYT article on the (ever-more-sophitsticated) bot  
> wars
> John Markoff's article on the "cybersecruity problem" says
> "Internet security is broken, and nobody seems to know quite
> how to fix it."
> We know how to fix it.  We chose not to fix it in the past.
> Now the fix will be expensive and require replacement of
> things we bought that don't work, and cannot be fixed.
> If we can't afford the fix now, it will cost more later.
> We would rather rely on magical thinking.  If we ignore the
> problems of security maybe the bad guys won't notice us.
> We rely on magical thinking when we build insecure systems
> using inadequate tools and practices, connect them with
> insecure protocols, do not administer them at all, and then
> expect that they will do things they are not designed to do.
> It's like filling our gas tanks with water and then
> complaining that the car doesn't run. And when someone
> suggests gasoline, saying, "oh, but this is much cheaper."
> Commercial antivirus is magical thinking similar to current
> airline security.  If the virus goes through a security
> checkpoint, gives its real name, and if that name is on our
> list of bad guys, it will be stopped.  Or we can try to
> cheat Turing and decide whether a program will do something
> bad in the future.
> -- VanVleck.SysAdmin
> -------------------------------------------

--
"Difficulties can never be greater than your capacity to solve them."
  - P. R. Sarkar

Anthony G. Lauck
PO Box 59
Warren, VT 05674
Southface 5 (for UPS and FedEX)
81 Park Ave
Warren, VT 05674
(802) 583-4405 (802) 329-2006 (FAX)





-------------------------------------------