Computing Devices - Time for a Risk/Reward Analysis?

Discussion in 'The War Room' started by Sabin, Aug 23, 2015.

  1. Sabin

    Sabin Blue Belt

    Joined:
    Mar 31, 2007
    Messages:
    629
    Likes Received:
    3
    Location:
    USA, USA, USA
    So as amazing as these devices are, the trend is to give everything an online component. I think at this point it may be time for a risk/reward analysis first.

    One, I'm skeptical that these devices even can be secured at this point. In brief you can look at who is being hacked - JP Morgan Chase, the Government, and high level hackers themselves (Hacking Team, probably a lot more less publicized). So what this says is that money, power, and those well versed in the art of hacking - can't stop hackers. JP Morgan spends 500 million a year on security and that still wasn't enough. JC how much would be, a trillion?

    CS majors love to toss around authoritative sounding jargon, but we've heard that before and watched their designs fail time and time again. SSL, what enabled the secure in https, the backbone of secure e-commerce, thought to be safe for years, bam Heartbleed bug. At this point they do not deserve the benefit of the doubt that they even can secure these devices and so the question becomes what are the implications if they can't?

    The reward - these devices are absolutely amazing and can solve just about any problem out there with creative developers given enough time and money. The cons - they can't secure these devices and the potential for misuse is also potentially just restricted by creativity. The kicker for the cons, that should give a lot of concern is the force multiplier, a small team can cause a shitstorm, like the SONY hack and the Ashley Madison scandal and in theory just 1 hacker could cause all of that.
    Nobody wants to be at the whims of the hacker or hacktivist (with this line blurring into terrorist), but that looks to be the current trending direction...

    http://www.dailydot.com/crime/new-york-magazine-ddos-bill-cosby-cover/

    For one thing, I'm of the opinion that certain things should not have an online component. If the trend is for all cars to have onboard wifi, I don't like that and I think the consumer should have a choice. They didn't fix the current wifi security vulnerability they slapped a band-aid (patch) on it. In the audit model of security where they react to zero days, this is a horrible idea if all cars are online. It could take months to find a band-aid. And with more and more people becoming computer savvy, Jihadi John is a CS major btw, combine this with a typical force multiplier effect, and this looks like a risky trend.
     
    Last edited: Aug 23, 2015
  2. IDL

    IDL Gold Belt

    Joined:
    Sep 17, 2009
    Messages:
    24,819
    Likes Received:
    21,004
    Location:
    Lending money to your government
    I see the bigger downside being that everyone will become monitored and tracked by a giant smart grid connected to government intelligence services.

    The ultimate Big Brother scenario.

    Having cars and appliances connected to the internet is pushing it for me, but younger generations that grow up surrounded by wifi devices will see it differently. They will never know privacy.
     
  3. Starck

    Starck Black Belt

    Joined:
    Nov 11, 2009
    Messages:
    6,396
    Likes Received:
    1,109
    Thou shalt not make a machine in the likeness of a man's mind.
     
  4. SakuMemories

    SakuMemories Purple Belt

    Joined:
    May 18, 2015
    Messages:
    1,851
    Likes Received:
    71
    Location:
    Yurp
    First of all if a CS major told you that he can build an impenetrable system, he was bullshitting you. You also failed to use common sense: What have humans made that is flawless? Everything can be brought down, or will fail, eventually. Just give it enough time and effort. Therefore being mad at CS majors is moronic.

    Also asking online components not be sold because some crazy people abused them is akin to asking guns be banned because some crazy people go on killing sprees. People will exploit/abuse whatever you put in front of them. Deal with it.
     
  5. klnOmega

    klnOmega Double Yellow Card Double Yellow Card

    Joined:
    Dec 10, 2014
    Messages:
    9,552
    Likes Received:
    11,928
    They do risk analysis.

    The car companies know of the potential they get hacked, and face a class action suit.

    They are weighing the payout of the class action suit against the extra income they can from:
    -Being able to remotely disable your car for late payment
    -Sell information about your travel routes and driving routines to advertisers
    -Sell the same information to law enforcement/NSA
    -Deliver more relevant ads to you while you drive

    They will probably make more than enough money from, say, advertising McDonald's to you just before you pass one, or analyzing the work route you drive everyday to find stores along the way to advertise to you, than they will have to pay out whenever someone hacks your car and kills you.
     
  6. klnOmega

    klnOmega Double Yellow Card Double Yellow Card

    Joined:
    Dec 10, 2014
    Messages:
    9,552
    Likes Received:
    11,928
    He's not mad at CS majors. He's just commenting on the "Well the new Super-Secure-Safety-Net 2.45 protocol has flux capacitor backups integrated directly at tier-2 R2D2 droid level, and a double loop check for environmental stability. These cars are completely safe, you are an idiot who doesn't understand computers at all". I've seen the same rhetoric myself pop up.
     
  7. klnOmega

    klnOmega Double Yellow Card Double Yellow Card

    Joined:
    Dec 10, 2014
    Messages:
    9,552
    Likes Received:
    11,928
    The easy way to beat all of this is just to have devices have a manual override, that completely disconnects the electronic portion of the car from the manual portion, in the event of an emergency. Not some shitty "wifi off" button that can be disabled. I'm talking about a physical lever that will physically remove all electronic connection to mechanical portions of the car.

    But of course, this would get in the way of the more neferous plans for internet integration in cars. They need the cops to be able to force you to pull over, companies to disable your car for late payments, and for the CIA to be able to crash you off a bridge if need be.
     
  8. SakuMemories

    SakuMemories Purple Belt

    Joined:
    May 18, 2015
    Messages:
    1,851
    Likes Received:
    71
    Location:
    Yurp
    I doubt that rhetoric exists, save for fringe idiots-posers.

    People are just scared and/or mad that technology is not perfect. Well that's stupid. Call me up when you invent something that is flawless.
     
  9. weich

    weich Silver Belt

    Joined:
    Oct 23, 2007
    Messages:
    11,494
    Likes Received:
    1,665
    Location:
    Colorado
    I don't think DDoS should be considered hacking. It's stupidly easy to do, doesn't involve breaking security, etc. It's the equivalent of having an autodialer call a pizza place so much that they can't receive many, if any, calls from customers. That's it.

    As far as other security is concerned, it will likely never be 100% secure. Companies know this. If you have a computer or electronic device that is connected to the internet it is not secure. You can try and hide it, you can follow good security guidelines, but you'll never protect it all the way. Especially if it is being used by a regular user who still randomly downloads things that they shouldn't.

    Information that has to be protected at all costs must be disconnected from any network that touches the internet, and must physically secured so that a limited number of users can work with it, and so that those users cannot insert flash drives or other devices capable of moving data to and from it.
     
  10. uppercutbus

    uppercutbus Silver Belt

    Joined:
    Jul 21, 2014
    Messages:
    11,531
    Likes Received:
    46,806
    Pretty much, lame ass, dumb ass media calling them hackers and such is pretty dumb even for them. Guess they don't have another word for it though?
     
  11. VulcanNervPinch

    VulcanNervPinch Gold Belt

    Joined:
    Sep 7, 2009
    Messages:
    15,051
    Likes Received:
    8,352
    Yeah, every new capability that is discovered gets implemented without any serious consideration of its downside.

    Sometimes I can't conceive a way that humanity doesn't eventually doom itself with this kind of behavior.
     
  12. LogicalInsanity

    LogicalInsanity Co-Founder of SDLS (Sexual Deviant Leftist Scum)

    Joined:
    Apr 29, 2012
    Messages:
    31,709
    Likes Received:
    31,732
    We need to rely on Jesus, not computing devices. ~ ripskater
     
  13. Vitamin C

    Vitamin C Black Belt

    Joined:
    Dec 8, 2010
    Messages:
    5,805
    Likes Received:
    705
    More than the privacy issues, I think greater harm will eventually come from people allowing devices to do all of their complicated cognition.

    I have a much younger sister, she has had a smart phone since grade school. They were permitted to use their phones and calculators for grade school math. I recall being amazed I was permitted a calculator in high school. You see it every day too, gotta do some math? Whip out the cell phone. I'm guilty of this as well, and I'm trying to get back some skill by at least attempting the required calculations in my head before I go to the phone.

    People are also shit navigators relying on GPS from their smart phones for any trip that breaks away from their regular routine of home work or groceries. It's ridiculous. My father used to be a great driver. He is who taught me how to read a map, use landmarks, keep track of your bearing and visualize where you are in your trip based on those things. He has since relied on GPS for many years and now is far less confident, nervous even, when the GPS doesn't work. And that's its impact on a man from a generation that hadn't relied on the tech for his whole life. Imagine what a person who grows up never thinking about how to get un-lost because they've relied on technology since they were a child would be like if something happened to their tech.

    I swear some days it's like the path to a real life Idiocracy is beginning.
     
  14. Winnie The Foo

    Winnie The Foo Green Belt

    Joined:
    Aug 6, 2010
    Messages:
    1,480
    Likes Received:
    378
    Location:
    San Diego, CA! ALL DAY!
    If you buy a car, you do so knowing there are security/safety risks associated with it. You have to take precautions to ensure it doesn't get stolen. The same goes for "computing devices". Understand the risks associated with them and act accordingly.
     
  15. Sabin

    Sabin Blue Belt

    Joined:
    Mar 31, 2007
    Messages:
    629
    Likes Received:
    3
    Location:
    USA, USA, USA
    With cyber security I was unaware of just how bad things were until maybe 2 or 3 years ago, when I started considering an additional CS degree. As the era of specialization, I think a lot of people were in the same boat as me, doing their own thing and pursuing their goals in life, without thinking about that too much. I believed in things like 2 factor authentication, https, and WPA since they said it was better than WEP. When really they just gave a false sense of security. As I understand it now, these devices can't be secured and it's not a question of if, but when they are compromised.

    "Deal with it." This is potentially bad news when critical infrastructure has an online component, like they currently do - banking, the stock market, SCADA systems and then you have almost everything else migrating online - IRS, medical records, etc. With internet of things, I mentioned cars, but actually drones might be the bigger concern. These things are as cheap as $30 and potentially easy to weaponize.

    Post atrocity philosophy seems to be the norm historically, but I think that may be a mistake with the increased power and scope of these devices. How about the paranoia and fear they could inspire if the attacks don't start until Amazon has their drone delivery system amped up and entrenched logistically. It is probably good to think about how these devices can be misused before compromisable systems become entrenched.

    I'm actually more worried culturally, but could easily get into tl/dr territory there. There's a pressure to live an unnatural, censored, paranoid life. At this point you have to live with the thought there might be a camera here, even in private conversations, and factor that in even in private conversations. Time to be like Jeb Bush / Darkwing Duck and start talking about killing evildoers and what's good for the state, I guess.
     
  16. Sabin

    Sabin Blue Belt

    Joined:
    Mar 31, 2007
    Messages:
    629
    Likes Received:
    3
    Location:
    USA, USA, USA
    With a large database on an NSA file server in UTAH or wherever that was and an individual portfolio/profile per citizen. And then predictive algorithms for terrorism risk for sure, beyond that who knows. And then different thresholds for action - 51% for watch list, etc.

    Yeah, maybe it will be easier for them, I don't know, for me it's an unnatural transition. On the one hand maybe they will know everything can be recorded at all times and potentially used against them in the future and then that will feel natural to them? On the other, people typically do a lot of stupid things in their teens and early twenties, and maybe won't be able to help it anyways. One thing, though, the intelligence community is no longer in the background, they are in the foreground now (possibly will stay there) and are forcing a strange cultural transition.
     
    Last edited: Aug 24, 2015
  17. Sabin

    Sabin Blue Belt

    Joined:
    Mar 31, 2007
    Messages:
    629
    Likes Received:
    3
    Location:
    USA, USA, USA
    I could see this too. Think I read some book by a US memory champion a while back, how he mentioned outsourcing all of our memory to "external memory" was weakening that.
     
  18. Sabin

    Sabin Blue Belt

    Joined:
    Mar 31, 2007
    Messages:
    629
    Likes Received:
    3
    Location:
    USA, USA, USA
    Lol, supersecure secret handshake protocol 2.1. I think people are finally starting to catch on though and the sooner the better. I think more people need to be aware of the current state and be involved in discussions about it's implications on their lives and the future.
     
  19. SakuMemories

    SakuMemories Purple Belt

    Joined:
    May 18, 2015
    Messages:
    1,851
    Likes Received:
    71
    Location:
    Yurp
    People that take those decisions have already considered the implications and found the risks to be acceptable. Just like anything else. Do you really think that you are the only one to think of such devices being misused?

    You are applying an unreasonable standard to CS stuff because its new and scary. So people either get paranoid or think it makes people stupid (which is quite ironic, considering the difficulty and skill required).

    I agree with you here. Its a trade-off I guess. And I will get crucified for saying this but I don't think surveillance is such a big deal.
     
  20. 7437

    7437 Gold Belt

    Joined:
    Jun 29, 2013
    Messages:
    24,354
    Likes Received:
    21,777
    You aren't really a car person are you.
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.