Imagine you bought something.
- You rely on it with your business, with your very livelihood. Sometimes even with your life.
- There is no warranty whatsoever on what you bought.
- And you don’t know what’s inside the box.
- Also, you cannot look inside the box; in fact, it is illegal.
- You might not have heard about the seller before and you have no particular reason to trust him.
Are you totally and irreversibly mad? How can you do it?! If you are not mad, aren’t you criminally negligent? Or just very, very, very stupid.
However, we all are. We all bought software at least once in our lives …
This blurb is inspired by some discussions I had at the CONFidence 2007 conference (where I presented on “Log Forensics” in front of about 180 people). Another related fun thought I picked up there is that the most scary cyber-criminal of the future is not a spammer, a scammer, a phisher or a pharmer, and not even a good ole “cracker” - it is an unethical software engineer, who changes the code slightly to introduce a weakness (or a full-blown backdoor or a logic bomb) and later uses or sells this knowledge. In light of the above characteristics of software purchases, think billions stolen in one shot, think ruined companies, think stock market manipulation, think direct physical damage (and, yes, real cyberterror), etc. We do live in interesting times …