Unity

Topic: #disclosing-vulnerabilities

Cracking Is a Bad Idea Even When the Good Guys Do It

2018-09-05⊺14:33:42-05:00

Many national governments now claim the privilege of breaking into computers and networks that belong to their own citizens or subjects. Even when these system crackers are well-intentioned and wish only to promote the common good, their activities have some highly undesirable side effects.

“Security Risks of Government Hacking”
Riana Pfefferkorn, Center for Internet and Society, Stanford University, September 4, 2018
https://cyberlaw.stanford.edu/files/publication/files/2018.09.04_Security_Risks_of_Government_Hacking_Whitepaper.pdf

This paper addresses six main ways that government hacking can raise broader computer security risks. These include:

* Creating a disincentive to disclose vulnerabilities that should be disclosed because other attackers might independently discover them;

* Cultivating a market for surveillance tools and 0-days;

* Risking that vulnerabilities exploited by the malware will be identified and used by other attackers, as a result of either law enforcement's losing control of the hacking tools, or discovery by outsiders of law enforcement's hacking ability;

* Creating an incentive to push for less-secure software and standards; and

* Risking that malware will affect innocent users.

There's also the possibility that government cracking might discourage the use of free software, which would be extremely disadvantageous even if it were not a security risk.

#security #disclosing-vulnerabilities #state-sponsored-cracking

This work is licensed under a Creative Commons Attribution-ShareAlike License.

John David Stone (havgl@unity.homelinux.net)

created June 1, 2014 · last revised December 10, 2018