Saturday, September 3, 2011

Corrupting the Linux supply chain

I have long contended that the simplest way to covertly break into every computer in the world is to build back doors in at the earliest possible moment in the supply chain. Whether it's China sneaking keys under the mat of the SCADA systems it exports, the FBI publicly asking Silicon Valley vendors to build traps into the stuff we sell around the world, or Adobe's "Swiss cheese" source code management system that invites stealthy insertion of malware into widely used products such as its Acrobat reader, if the bad guys get into the technology food chain early enough, we are all well and truly jiggered. For example, take this week's headlines about hackers breaking into the Linux source code site. Good idea, really, if you're a bad guy.

When the heck are we going to take off the kid gloves and raise the risk of cyber tomfoolery? When are we going to make the price of unauthorized intrusion simply too high? Licensed and bonded cyber privateers are one proposed solution. I haven't heard a better one.
