The recent catastrophic Wi-Fi vulnerability was in plain sight for 13 years behind a corporate paywall

Global: The recent Wi-Fi “KRACK” vulnerability, which allowed anyone to get onto a secure network (and which was quickly patched by reputable vendors), had been in plain sight behind a corporate-level paywall for 13 years. This raises a number of relevant, interesting, and uncomfortable questions.

When last week’s KRACK Wi-Fi vulnerability hit, I saw a series of tweets from Emin Gün Sirer, who’s mostly tweeting on bitcoin topics but seemed to know something many didn’t about this particular Wi-Fi vulnerability: it had been in plain sight, but behind paywalls with corporate-level fees, for thirteen years. That’s how long it took open source to catch up with the destructiveness of a paywall.

Apparently, WPA2 was based on IEEE standards, which are locked up behind subscription fees that are so steep that open source activists and coders are just locked out from looking at them. This, in turn, meant that this vulnerability was in plain sight for anybody who could afford to look at it for almost a decade and a half. There are so many issues and followup questions on this, it deserves at least two more articles on the same topic, just for headlines to cover one important point at a time (yes, that’s necessary today).

This also means that one of two things was true: one, those who could afford to look at it didn’t bother to look at it, or two, those who would bother to look at it and understand it couldn’t afford to do so. Both are problematic. (There’s also a third option, even more problematic, below – when an actor who can both afford and understand it keeps the research to themselves as a zero-day sploit.)

The first obvious point is that security doesn’t work if it’s not out in the open. If this wasn’t the final nail in the coffin for security through obscurity – where paywalls are definitely included in the obscurity concept – then I don’t know what would be.

The second point is that this isn’t the only standard we rely on for security that is based on locked-up evidence of security. As has been shown, it may be that each component of the security stack passed its unit test, but the integration tests clearly were insufficient. In other words, it doesn’t matter if all proofs of security come out right, if you’re not sure you’ve proven the whole system to be secure (as opposed to just individual pieces of it). We can expect several more severe vulnerabilities to be in plain sight behind corporate paywalls.

The third point, which is going to be expanded in the first followup article, is that while ordinary activists and coders were locked out of reviewing these documents, the NSA and the like had no shortage of budget to pay for subscriptions to these specifications. Thus, the IEEE’s paywall was lopsiding the security field toward mass surveillance, away from security.

The fourth point, which also merits expansion, is that if something as severe as this was unread for thirteen years because it was behind a paywall — what does that say about legacy media’s current infatuation with paywalls to protect their “genuine journalism”?

(This is a post from Falkvinge on Liberty, obtained via RSS at this feed.)

Source: 
Rick Falkvinge
