On Fri, Dec 11, 2015 at 7:10 AM, Tati Chevron <chev...@swabsit.com> wrote:
> Why would we trust your mirror?

A couple things to keep in mind here:

(1) Security can never be perfect.

(2) Security does not have to be perfect.

(That said... sometimes traditional computer security seems like people are trying to put bank vault doors on picket fences. And, ok, given the state of the internet, there's some validity to that approach. But I imagine we should be thinking about other approaches, also.)

Anyways, for distributions, you need good ways of detecting problems. Then, when you find one, you will at least gain some information about your threats.

So:

(1) shasums, and other signatures. The more the merrier, within practical limits. They can be spoofed, but plausibly spoofing several is difficult. You should expect attackers to want to hit easier targets.

(2) out-of-band comparisons. This does not need to be frequent, but needs to be happening. If people adopt rituals where they sometimes download from websites, sometimes compare web site contents with cd contents, and also sometimes check electronic copies of signatures with paper copies, you will catch infections sooner or later. One of the more important characteristics, here, is probably the time delays in the comparisons.

(3) Have some ideas of what to do when you find a problem. Rewriting or replacing or discarding the affected systems is one approach. Involving people who have reason to care can be another approach. This is where having a good audience can help - industry, politicians, volunteer organizations, etc. all have an aspect where they try to engage lots of people. If you are supporting them (don't worry too much about the degree of support - it mostly doesn't matter) they'll quite probably be happy to help when you need it (especially if they can also see how to advance their own goals - which, ok, will sometimes be a pain).

Anyways... there's plenty more nuances than this quick writeup. The basic approach is to drive up the costs/effort required for sophisticated and organized attackers while also catching the flaws which will inevitably arise (through hardware failures if nothing else, but school-age pranks are another plausible candidate for problems).

I hope some of this helps,

-- Raul

P.S. the three biggest state-level threats are probably the three most populated countries. China and India want to destroy some parts of their populations while maintaining loyalty of their core population (because they can't feed them all, but you can see this in the news, for example in reports about rotting food, perhaps tons of it - people are strange). The USA doesn't have the food issue and (because of its structure) places a higher priority on popularity/loyalty, but is under immense long-term pressure to fit in (whatever that means). I'm not sure what to do about any of that, but I think this point of view does help understand what was happening with the NSA but also it's why the whole "for the people" quip gets the emotional shadings that it gets. I can't do much about this, but maybe someone else will have some good ideas? And, of course, there's plenty of smaller countries which have their own personality-driven issues, wars and malware havens.
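
The cross-checking in points (1) and (2) of the message above, as an added example that is not part of the original post: one downloaded file is checked against every digest that each independently obtained checksum list carries for it. The file name `install.img`, the channel labels and all sample data are constructed for illustration.

```python
import hashlib
import re

# BSD style "SHA256 (file) = hex" and GNU coreutils style "hex  file".
_BSD = re.compile(r"^(\w+) \((.+)\) = ([0-9a-fA-F]+)$")
_GNU = re.compile(r"^([0-9a-fA-F]+) [ *](.+)$")
_BY_LENGTH = {64: "sha256", 128: "sha512"}  # GNU lines do not name the algorithm

def parse_checksums(text):
    """Return {(filename, algorithm): hexdigest} for one checksum list."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if m := _BSD.match(line):
            out[(m.group(2), m.group(1).lower())] = m.group(3).lower()
        elif (m := _GNU.match(line)) and len(m.group(1)) in _BY_LENGTH:
            out[(m.group(2), _BY_LENGTH[len(m.group(1))])] = m.group(1).lower()
    return out

def cross_check(name, data, sources):
    """Map each channel label in sources to match / MISMATCH / no entry."""
    verdicts = {}
    for label, text in sources.items():
        listed = {alg: d for (f, alg), d in parse_checksums(text).items()
                  if f == name and alg in hashlib.algorithms_available}
        if not listed:
            verdicts[label] = "no entry"
        elif all(hashlib.new(a, data).hexdigest() == d for a, d in listed.items()):
            verdicts[label] = "match"
        else:
            verdicts[label] = "MISMATCH"
    return verdicts

def demo():
    # Constructed sample: the mirror's file and its own checksum list were
    # both altered; the lists from the other channels were not.
    original = b"constructed release image\n"
    download = original + b"altered"
    sources = {
        "mirror": f"SHA256 (install.img) = {hashlib.sha256(download).hexdigest()}",
        "cd": f"SHA256 (install.img) = {hashlib.sha256(original).hexdigest()}\n"
              f"SHA512 (install.img) = {hashlib.sha512(original).hexdigest()}",
        "paper": f"{hashlib.sha512(original).hexdigest()}  install.img",
        "old-list": "SHA256 (other.img) = " + "0" * 64,
    }
    return cross_check("install.img", download, sources)

if __name__ == "__main__":
    for channel, verdict in demo().items():
        print(f"{channel:9} {verdict}")
```

In the constructed data the mirror agrees only with itself, which is the case the copies obtained through other channels are there to catch.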