|
|
|
|
|
|
by EricMausler
1023 days ago
|
|
|
The Ship has not sailed. The ship is still on its way to port. Complete internet surveillance is arguably an unstoppable force on the way to shore. I think when it gets here there is going to be a lot more trouble for cybersecurity experts due to a lack of clear understanding around what is considered legal activity or not from them. Right now the obscurity is something they hide in - they can choose whether or not to reveal they found a vulnerability. But what if that's not always the case? What if you get "caught" before you are able to show you had no intentions of doing anything malicious? We can have the trial by fire we usually do, and let a round of innocent people face unjust consequences and use them as martyrs to create new laws - or we can use some foresight and build some legal frameworks in advance that enable researchers to be "by the book" and not worry at all about legal repercussions |
|
|
Quite simply, you will absolutely get portscanned if you have a port open to the public internet today. Try it. No doubt CIA has access to at least some of those botnets. We need policy protections that face the reality of the world we live in today, and harden devices that would like to communicate over the internet in an automated fashion. That includes punishments for operating massive, systemic botnets, but also some auditing of critical infrastructure that is publicly accessible.
For all their problems, certificate authorities have largely let us figure this stuff out on the internet browser side, and I would argue that has had a positive effect on privacy and security. Now it is time to do something similar for devices that connect to the internet in an automated way. For all it's