[OLPC Security] Strange concerns, but still...

[Christopher Paulicka]

SUMMARY:    8.19 + 8.21 + 9.1 + 9.4= MASSIVE THEFT?

Adding them up, I do see a highly unlikely scenario.  However, when figuring
probability, you must also measure profitability.  Millions of dollars 
worth of
hardware are going to be entrusted to children, some of the primary 
victims of
the world.

1)  Encourage developer key acquisition
2)  Find out which computers have developer keys on them
3)  Steal computers

Here are the various sections that triggered these thoughts, and my 
comments.

8.19    P_THEFT: anti-theft protection

If the machine is used as a personal machine, and the child has asked for a
developer key, the thief could reflash the BIOS with a non-anti-theft 
daemon.

The question becomes, then, how difficult will it be to know who has 
this key?

8.21    (For later implementation) P_PASSWORD: password protection

Storing information solely in plain text seems dangerous, especially since
there is already consideration of a sophisticated child-user who may acquire
a developer key.

9.1    Damaging the machine

The child with developer key is mentioned again.  

How difficult will it be to get a developer key?  
Won't most children store this key on their machine?
Won't this key be stored in plain text?

9.4    Doing bad things to other people

I found this section strange.  After some thought, I realized that was 
because
it seemed less technical, more emotional, almost hopeful and naive?

Basically, while other sections addressed specific problems, and offer 
at least some
level of solution, this section just hopes that it will inherently not be an
issue.

As I said, strange.

Especially since I can imagine that tens of thousands of computers is 
quite an incentive for developing such worms.

Thank you for your time,

Christopher Paulicka


9.7.2    Objectionable content filtering

Irrelevant to my discusion, but OTFLOL!