[conspire] Interesting Video
Rick Moen
rick at linuxmafia.com
Sat Apr 8 16:27:15 PDT 2017
Quoting Howard Susman (hsusman at scsurplus.com):
> This is worth watching: 5 actually.
> http://ispydoc.com/select
Agree. What Howard means is that this is a connected series of five
~10 minute documentary videos on computer security, the surveillance
state, and related topics.
I like it. It's reasonably well stated, and very slick. It appears to
be an Enn Zed (er, New Zealand) production (narrated by Lucy Lawless),
with commentary by an impressive array of world-class experts including
NSA directors who seem to be quite frank.
It's not technically deep, but then it's aimed squarely at an
intelligent general audience. There are some of the usual frustrating
blind spots; I'll talk about one of them, here: One of the segments
states that the obvious way a cyberattack against the United States
would be conducted would be to take over the control networks for the
electric power grid, with the implication that this just requires some
fancy dance into them from the Internet. How so? Narrator makes a lazy
handwave about Stuxnet.
Eh, no. When you look at the more-detailed accounts of the Stuxnet
impairing of Iranian centrifuges at the Natanz plant, you can very
clearly infer that insertion and elevation of code privilege was via
human agency, i.e., CIA and/or Mossad had one or more pair of hands
among the Natanz staff. Remember: By and large, code doesn't run
itself, nor does it just jump over airgaps.
Occasionally, one does hear dire warnings about the North American power
grid being vulnerable to cyberattack (e.g.,
http://content.time.com/time/nation/article/0,8599,1891562,00.html). My
point is that, _if_ this is true and was not instantly remedied the
second the threat vector was noticed, then mass firings need to happen,
because there's absolutely no need for power-grid control networks to
have any form of interconnection to public networks, and any such need
to be actively sought out and torn down (and hosts that connect to such
routes null-routed).
Unfortunately, there is a lot of flummery in the standard narratives
about computer/network security.
More information about the conspire
mailing list