Powered by Castpost
Hmmm... have to wait on some feedback here, but for me, Blogger was "down" for more than 13 hours past its scheduled 30-minute downtime. Back in the saddle again, I guess.
Sooo... was reading The English Guy's Networks and Security blog and ran across this:
"Skype may assist botnet attacks"
The post points to the fact that the proprietary technologies of Skype and Vonage and other VOIP providers could pose a security risk. Read the post. He makes some very good points and points to more genuinely interesting observations by a group that watches such things.
OTOH, As much as I appreciate the argument that open standards could increase security in some ways ("many eyes" etc.), I think I'd rather trust my phone service to the market pressures on my provider. Proprietary technology doesn't always have to mean Microsoft-style security holes, and proprietary tech does offer some shielding from snoops (particularly, govt snoops would need subpoena authority to obtain the proprietary info, or else someone to reverse-engineer it, with no assurances of getting it really on the money or *gasp* and actual warrant to tap would have to be obtained!) that open standards may not.
The "many eyes argument" does, as I implied above, have a lot going for it, but I think mixing open and proprietary tech can offer some advantages. The biggest argument for open tech is a philosophical one, frankly, and like the process-oriented POV that argues for an "open standard" for Wikipedia, doesn't always lead to the best end product. One notable exception to the open tech/mixed quality problem is the notably consistent high quality in Linux offerings. But there, linus Torvalds still acts as a benevolent dictator-of-last-resort. In much of the open source/open tech community, there is no equivalent overseer.
And the group noted in The English Guy's post that apparently wants to oversee the technology is... funded by the feds (how'd I misread that? Not feds, a buncha academia nuts). (Who woulda guessed that one?)
I'll have to give this one some more thought: market pressures vs. socialist idealism. Maybe there's a "third way"? *LOL*
Oh, yeh. Develop PGP-based/type products for phone encryption over VOIP? Not seeing that one right away, as it would seriously mod the PGP model, but my head's flipping through ideas...
Maybe that is it: third-party encryption add-ons to VOIP appliance firmware. Yeh. LEOs* would love that one... *heh*
*Law Enforcement Officers |