[OLPC Security] Strange concerns, but still...
Christopher Paulicka
christopher at idealab.com
Wed Feb 7 20:43:17 EST 2007
SUMMARY: 8.19 + 8.21 + 9.1 + 9.4= MASSIVE THEFT?
Adding them up, I do see a highly unlikely scenario. However, when figuring
probability, you must also measure profitability. Millions of dollars
worth of
hardware are going to be entrusted to children, some of the primary
victims of
the world.
1) Encourage developer key acquisition
2) Find out which computers have developer keys on them
3) Steal computers
Here are the various sections that triggered these thoughts, and my
comments.
8.19 P_THEFT: anti-theft protection
If the machine is used as a personal machine, and the child has asked for a
developer key, the thief could reflash the BIOS with a non-anti-theft
daemon.
The question becomes, then, how difficult will it be to know who has
this key?
8.21 (For later implementation) P_PASSWORD: password protection
Storing information solely in plain text seems dangerous, especially since
there is already consideration of a sophisticated child-user who may acquire
a developer key.
9.1 Damaging the machine
The child with developer key is mentioned again.
How difficult will it be to get a developer key?
Won't most children store this key on their machine?
Won't this key be stored in plain text?
9.4 Doing bad things to other people
I found this section strange. After some thought, I realized that was
because
it seemed less technical, more emotional, almost hopeful and naive?
Basically, while other sections addressed specific problems, and offer
at least some
level of solution, this section just hopes that it will inherently not be an
issue.
As I said, strange.
Especially since I can imagine that tens of thousands of computers is
quite an incentive for developing such worms.
Thank you for your time,
Christopher Paulicka
9.7.2 Objectionable content filtering
Irrelevant to my discusion, but OTFLOL!
More information about the Security
mailing list