Showing 79 posts tagged internet
Researchers have found, once again, that sensitive systems have been placed on the Internet without even the most basic of security precautions. The result?
Analyzing a database of a year’s worth of Internet scan results [H.D. Moore]’s assembled known as Critical.io, as well as other data from the 2012 Internet Census, Moore discovered that thousands of devices had no authentication, weak or no encryption, default passwords, or had no automatic “log-off” functionality, leaving them pre-authenticated and ready to access. Although he was careful not to actually tamper with any of the systems he connected to, Moore says he could have in some cases switched off the ability to monitor traffic lights, disabled trucking companies’ gas pumps or faked credentials to get free fuel, sent fake alerts over public safety system alert systems, and changed environmental settings in buildings to burn out equipment or turn off refrigeration, leaving food stores to rot.
Needless to say, Moore’s findings are telling insofar as they reveal that engineers responsible for maintaining our infrastructures are often unable to secure those infrastructures from third parties. Fortunately, it doesn’t appear that a hostile third party has significantly taken advantage of poorly secured, Internet-connected equipment, but it’s really only a matter of time until someone does attack this infrastructure to advance their own interests, or simply to reap the lulz.
Findings like Moore’s are only going to become more common as more and more systems are integrated with the Internet as part of the ‘Internet of Things’. It remains to be seen whether vulnerabilities will routinely be promptly resolved, especially with legacy equipment that enjoys significant sunk costs and limited capital for ongoing maintenance. Given the cascading nature of failures in an interconnected and digitized world, failing to secure our infrastructure means that along with natural disasters we may get to ‘enjoy’ cyber disasters that are both harder to positively identify and harder to subsequently remedy when/if appropriately identified.
– Frank Pasquale. (2010). “Beyond Innovation and Competition: The Need for Qualified Transparency in Internet Intermediaries.” Northwestern University Law Review 104(1).
– Dwayne Winseck, “Netscapes of power: convergence, network designed, walled gardens, and other strategies of control in the information age”
Last year Rob Shaw wrote a piece for the Times Colonist about online voting in British Columbia. (This is a Bad Idea by the way, for reasons that are expounded elsewhere.) At the very end of his article, we read:
B.C.’s flirtation with online voting coincides with changes to its information and privacy laws last year that paved the way for high-tech identity cards.
The government has said people will one day be able to use the cards to verify their identity and access Internet-based government services, including, potentially, online voting.
No government document released under FOIA laws that I’ve read has stated voting as a driver of the card. However, this isn’t an indictment of Shaw’s reporting but of the government’s unwillingness to fully disclose documents pertaining to the Services Card.
To be clear: there is no good reason to believe that the Services Card will be particularly helpful in combating the core problems related to online voting. It won’t actually verify that the same person associated with the Card is casting the ballot. It won’t ensure that the person is voting in a non-coerced manner. It won’t guarantee that malware hasn’t affected the computer to ‘vote’ for whomever the malware writer wants voted for.
The Services Card is (seemingly) a solution looking for a problem. Voting is not one problem to which the Card is the solution.