Re: Food for thought (resurfacing)

+1

I don't think you can construct a sufficiently complex system that is
absolutely immune to attack. What examples are there in nature? Determined
adversaries can and will find attack vectors given enough time  -- I worked
briefly in the security industry (on visualizing realtime data but I also
came in contact with one world famous hacker who routinely broke into
formerly secure systems for demonstration purposes -- can't elaborate for
obvious reasons)  Another friend is chief security expert at a well known
public company in the cloud infrastructure space, and I'll ask him to opine
if interested.

Having said that, I think the auto-update pattern could be a security risk
in itself in extreme and unique cases: if the organization that makes those
updates was to be compromised, e.g. government infiltration, or company was
purchased by another from a foreign country like China, etc. In fact, the
security threat to which the patch is produced could be designed such that
the most likely patching strategy would open a bigger, deeper hole in non
obvious fashion.

So Larry's instincts shouldn't be dismissed, imo, but can be taken as a
thinking point: how do we build self-healing systems that could detect an
intrusion/infection and fight it. I think tons of lessons to be learned
from biological systems. Think of vaccines as "auto-updates." Our young
baby has received a ton of pre-scheduled "auto-updates" and more to come,
but those updates teach her system to fight specific attacks by giving her
a weakened version of the potential future attacker and letting her defense
system learn how to beat it. This sounds like either a step beyond or a
step behind patching the logic of her defense system, but is certainly more
trust worthy as you're not directly deciding the counter effect.

disclaimer: I know nothing about security... but I have natural attraction
to the dark side of things... ;)








On Tue, Jul 29, 2014 at 10:48 PM, Alex Russell <slightlyoff@google.com>
wrote:

> On Tue, Jul 29, 2014 at 10:44 PM, Larry Masinter <masinter@adobe.com>
> wrote:
>
>>  I know the Nest does auto-update. But it’s also $249.
>>
>> How much would a non-auto-update one cost?
>>
>> What if I want a 3rd-party security scan of my company’s thermostat code?
>>
>> The thermostats of a building can become critical infrastructure.
>>
>> Imagine a thermostat where all the web part does is show weather warnings.
>>
>> Is auto-update really important here?
>>
>
> If it's critical infrastructure, then auto-uppdate really is really
> important.
>
>
>>  You don’t want to support a web
>> thermostat where the browser is in ROM and optional?
>>
>>
>>
>> I have lots of devices on my home network – printers, pcs, mobiles, pads,
>>
>> receiver, remote, thermostat, tv, blue-ray, roku, cable box, routers,
>>
>> personal peripheral (FitBIt).
>>
>>
>>
>> Most of them could logically use the web. And most aren’t auto-update,
>>
>> don’t need it, don’t need updates, the web is just a piece of what they
>>
>> do. I’m spending way too much time babying updates. This is a good
>>
>> architecture for whom?
>>
>
> For everyone else connected to the web. Once these devices reach out and
> touch someone, they can do so in inappropriate ways when subverted. I
> recommend checking out one of HD Moore's talks to get a sense for the scale
> of the problem and the worst offenders:
>
>     https://www.youtube.com/watch?v=VuYi7gVy3dI
>
> Hint: it's old, unupdated, unloved software. Don't be That Guy (TM).
>
>
>>
>>
>> Yes, and if you have a Nest, you'll understand that it DOES auto-update.
>>
>>
>>
>> Rather, than, say, sandboxing the display module? Auto-update isn't a
>> security panacea.
>>
>> Doesn't it cost more to build auto-updating thermostats; are non-updating
>> ones out of scope for the web?
>>
>>
>>
>>
>
>