libertango | Entries tagged with computer security

You're viewing

libertango's journal
Create a Dreamwidth Account Learn More

Reload page in style: light

Conficker has come and gone and... No one can figure out what it did, if anything.

The Guardian posts an "all clear" piece, but as I just commented: "(W)e don't know whether or not Conficker has done anything. We only know that if it has, we haven't been able to notice what it is."

I don't think this is necessarily a case where "no noticeable effect" should equal "relief that nothing happened." If anything, no noticeable effect should be scaring the bejeezus out of people since it could well be adding plausibility to my hypothesis that properly executed exploits have no noticeable effect.

While writing a comment on Metafilter about computer security, I had a sudden realization:

Computer exploits are just like Galbraith's "bezzle" -- they have a time parameter, and (mildly rewriting), "...there exists an inventory of undiscovered broken security in -- or more precisely not in -- the country's information systems..."

What's also interesting is that Galbraith writes as if embezzlement always is discovered, sooner or later. As does Schneier, when it comes to security breaches. I don't think either of them are that naive, but are instead writing to some degree with an optimistic eye -- the bad guys will be caught, eventually.