It is true that terrorism can come into play in cyberspace - but why should a terroris bother? they can still circuvment physical security and casue much more NOTICABLE harm.

Remember - this is all psychological warfare - the terrorists agenda is to plant fear into the peoples minds - when a plane crashes into a building - that causes fear of "you never know whats next" and "I have no way of protecting myself". It is still difficult to see how this feel could apply to computer security being compromised - even if a terrorist group could shut down every pc connected to the internet by planting malicious code - most companies are required to have backups - so changes to information could be detected and restored. considering some of the cracking community is actively trying to cause caos (16 yo's with nothing better to do) - we see that the worst that happened so far was e-bay being shut down for a day or two. I think this whole thing is a scare tactic tailored to scare congress and get more funding for their global mission to spy on law abiding US citizens.

And on a different issue regarding software bugs - Companies are fighting in order not to be liable for bugs in their code (read the EULA) and then blame hackers for publishing code to exploit their flaws. Why should a hacker finding a bug - notify the software company in advance before releasing the details and give the company time to repair the bug? I think companies should be liable for the damages caused due to bugs in their code like any other industry - I also think that companies know that this could be the case in the future - they fear of possible damages and them being sued later - it is not to protect their customers - its to protect them. I call everyone to stop with the 10 - 30 day advance notice to companies - MAKE them liable for poor code - get them sued and see how code becomes more secure without the need for a new department in the NSA.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/6671/21202#21202