It's an honor to have you here! A couple of questions:
What do you think needs to be done about hardware security? I'm speaking mainly of backdoored or buggy firmware, as well as problems with compromising emanations from various types of hardware. Do we need a drastic change in hardware security standards and regulation?
How will the increase in the availability of smaller and smaller microphones and cameras with transmission capabilities affect cybersecurity as we now know it? It seems to me that unless people take some extreme measures, their communications will be intercepted by side channels by small and hidden bugs. This could be done on a mass scale as the price of such bugs drop, and it probably will, judging from the technological pace of the past few decades. Targeted surveillance would be a nightmare for anyone not working in a Faraday cage, checking their clothes and belongings for bugs when exiting and entering the room. Almost everyone types on a keyboard that makes noise or is doing so in plain sight. Small ubiquitous bugs could record every password and message someone sends, transmitting it at a later point. It seems to me that cryptography doesn't address this at all, since it's a side channel attack. Right now it's not a real concern, but in 10 or 20 years? Could this be mitigated by using different input/output methods, for example smart glasses?
Do you see a way for people to adopt secure operating systems and means of communication (Qubes, Whonix, Signal, etc.)? There's very little funding for such projects and most of the time and money goes towards improving the security and fixing bugs, but the usability of such systems is atrocious (speaking of experience).
As a prolific expert and author, could you share with us some of the habits and ways of tackling problems that helped you be so productive?
throwaway2498895 karma
It's an honor to have you here! A couple of questions:
What do you think needs to be done about hardware security? I'm speaking mainly of backdoored or buggy firmware, as well as problems with compromising emanations from various types of hardware. Do we need a drastic change in hardware security standards and regulation?
How will the increase in the availability of smaller and smaller microphones and cameras with transmission capabilities affect cybersecurity as we now know it? It seems to me that unless people take some extreme measures, their communications will be intercepted by side channels by small and hidden bugs. This could be done on a mass scale as the price of such bugs drop, and it probably will, judging from the technological pace of the past few decades. Targeted surveillance would be a nightmare for anyone not working in a Faraday cage, checking their clothes and belongings for bugs when exiting and entering the room. Almost everyone types on a keyboard that makes noise or is doing so in plain sight. Small ubiquitous bugs could record every password and message someone sends, transmitting it at a later point. It seems to me that cryptography doesn't address this at all, since it's a side channel attack. Right now it's not a real concern, but in 10 or 20 years? Could this be mitigated by using different input/output methods, for example smart glasses?
Do you see a way for people to adopt secure operating systems and means of communication (Qubes, Whonix, Signal, etc.)? There's very little funding for such projects and most of the time and money goes towards improving the security and fixing bugs, but the usability of such systems is atrocious (speaking of experience).
As a prolific expert and author, could you share with us some of the habits and ways of tackling problems that helped you be so productive?
View HistoryShare Link