Let’s say I wanted to do basic security. I want to be able to defend myself against cyber attacks on my laptop, network, phone as well as any peripherals I might use that connect to any of the devices I use. I want to communicate securely. I want to be untrackable or have privacy. Basic security for the purposes of this post will consist of 3 things:
- Malicious code barriers & Cyber Defense
- Secure communications
Let’s tackle the first one. I have a computer that I just purchased from a store. A sales person might even suggest buying anti-virus software with a firewall. It’s guaranteed to protect me from everything except a zero day hack. Well what about this “zero day hack.” Anything on my computer that is listening to the Internet, e.g. notifications, Dropbox, Adobe, GoogleTalk. Ok, we turn these off. Are we still secure? What if the hardware is not secure? In light of recent revelations, we can’t even trust the hardware anymore. We are forced to build are own computer with our components we can trust, but this begs the question of finding a trustworthy component. Back in the days of 6502 processors, it could be possible to know all the contents in memory, and to even know the factory that made all the components. With our global economy such an empirical luxury (if it was ever so enjoyed) is no more. We might as well stop here, and think about what it would take to secure the supply chain of computer components. There’s a suggestion for it in the dystopian, Draka series of novels by S.M. Stirling. All computers are Read Only Memory (ROM), and produced under close government / military scrutiny. What we can conclude is that even on a basic level, we are not secure.
In my next piece, I’ll look at secure communications on an ok, sorta secure computer.