Linked by Thom Holwerda on Wed 17th Oct 2012 23:48 UTC, submitted by poundsmack
Privacy, Security, Encryption
Kaspersky is working on its own secure operating system for highly specialised tasks. "We're developing a secure operating system for protecting key information systems (industrial control systems) used in industry/infrastructure. Quite a few rumors about this project have appeared already on the Internet, so I guess it's time to lift the curtain (a little) on our secret project and let you know (a bit) about what's really going on."
Comment by quackalist
by quackalist on Thu 18th Oct 2012 00:41 UTC

Was reading the blog earlier and thought it seemed to make sense... who wouldn't want critical systems to be secure, though I did think his "And then there are some details that will remain for certain customers’ eyes only forever, to ward off cyber-terrorist abuses." somewhat contradictory, as the clearest examples of "cyber-terrorist abuses" have come from some of those selfsame "customers", and unless the OS is secure from their eyes it might as well not exist. Anyway, if it's not secure unless by 'obscurity', if you can't trust those in the know not to leak or use that info nefariously, then can it be secure?

Not claiming any great knowledge on how to secure OS's, not at all, it just seems not quite right.

Edited 2012-10-18 00:48 UTC

Score: 3

RE: Comment by quackalist
by Doc Pain on Thu 18th Oct 2012 05:18 in reply to "Comment by quackalist"

Anyway, if it's not secure unless by 'obscurity', if you can't trust those in the know not to leak or use that info nefariously, then can it be secure?


If you want to be scared to death, visit your local hospital:

http://www.technologyreview.com/news/429616/computer-viruses-are-ra...

Medical devices are a domain for closed-source software. That software may be essential to the life of people. So if you are a "cyber-terrorist" and want to hurt "ordinary people", you could take down hospital devices. Everything you need is in there: proprietary devices, often sloppily engineered (from the software aspect), insecure and exploitable; IT infrastructures happily carrying out your orders (PCs, printers, networking gear); people - some stupid, some ignorant, some knowing, but with a voice too "unimportant" to make any change to the status quo, and those in charge of "decision & responsibility", relying on outsourcing, cheap renting, and delegating their own security to 3rd parties who have no other interest than eating from the cake of money, by not really delivering good services. It's not even hard: Bring a prepared USB stick, put it in some unsecured PC, or deal with the WLAN. There's enough old and old-fashioned hardware and software still in use, considered "not that bad", so nothing is questioned, because it "just works". There can't be security without knowledge, and knowledge is usually "left to others" who, in the end, don't really care. And it's not just about the danger of "cyber-terrorism"; just think what you could earn by obtaining patients' and employees' data (personal data, payment details, medical records, pricing, contracts with 3rd party services, data from research studies etc.) and selling them to spammers, advertisers or competitors.

Why can I make those claims? Because I've seen it. Here in Germany. Too often.

Score: 4