
Inside CERT Australia

mask.of.sanity writes "The Australian Government has a list of software holes that are so sensitive they're kept hidden from the public. These weaknesses are being used by criminals to steal our money and our data. They may even be a cornerstone to planned attacks on critical infrastructure, like energy, water and transport. But in the murky battle between those that protect us and those who seek to harm, these vulnerabilities are also the bait with which cyber-criminals are caught."
  • corporate welfare (Score:5, Insightful)

    by Hazel Bergeron ( 2015538 ) on Monday April 11, 2011 @06:09AM (#35779526) Journal

    TFA:

    The privileged group of more than 300 companies under CERT Australia's wing is expanding, but it does not plan to offer the secretive information more broadly.

    This is corporate welfare at its finest: make the people pay to give a competitive advantage to particular companies.

    When will this primitive targets-based, public-private-partnership experiment born somewhere in the '80s finally collapse? When will parties and their representation in government reflect the people again? Whether left or right, authoritarian or socially liberal, your view is no longer represented unless you've paid for it.

  • Comment removed (Score:4, Insightful)

    by account_deleted ( 4530225 ) on Monday April 11, 2011 @06:56AM (#35779700)
    Comment removed based on user account deletion
  • Re:Reality Check (Score:4, Insightful)

    by AB3A ( 192265 ) on Monday April 11, 2011 @09:20AM (#35780452) Homepage Journal

    The truth is that the software industry marches forward at a much faster pace than we can deploy. Today's ultra reliable souped up cool stuff becomes yesterday's "what the hell were they thinking?" stupidity very quickly. In truth, it's not just about the code YOU write, it's the code that OTHERS write. They're making assumptions about your work and you're making assumptions about their work. Those assumptions are often wrong.

    From my perspective as an end user, I often can not see the dividing line between you and your component software companies. I often can not tell whether you're using VxWorks, an embedded version of BSD, or some small company's custom RTOS. So whatever you do to improve your code may be irrelevant if the host OS crashes. From where I sit, the end result is the same.

    That said, stability in most embedded OSs is usually pretty good. But the issue here is not stability. The issue is whether the software can stand up to even a mild attack. I once saw someone attack a SIL rated PLC with a LAND attack (names of guilty parties redacted to protect industry). The PLC curled up and crashed.

    I would like to be able to say better things, but I have seen otherwise. Sorry...
