The Zyxel’s Firewall Bug. Twenty Years Passed In Vain

by Andrea Monti – originally published in Italian by Infosec.News

Routers … are affected by a severe vulnerability that makes it possible, without any artifice or hack, to obtain the router’s access password.
Therefore, it is possible to block the operation of the device, making services inaccessible and, in some cases, accessing the user’s internal network. It would make it possible to intercept e-mails and, more generally, the information contained therein, all without the user’s knowledge. We wonder … how is it possible that equipment with such vulnerabilities to the privacy of citizens and the activities of companies can be placed on the market without any control, without any information or caution, without any assumption of responsibility on the part of manufacturers and distributors and without any protection for defenceless (and unsuspecting) users?

Who owns your computer, and more importantly, can you trust it?

Operating systems and software manage the usability of machines

by Andrea Monti – originally published in Italian by Infosec.News

Adobe announces the end of Flash Player and that it will block content based on this standard, which is considered inherently unsafe and the subject of constant security updates.

It is a subject for another article to investigate why it was possible to allow such software (and that of other manufacturers) to burden and weaken computers around the world. For the time being, we are interested in the relationship between obsolescence management, licensing, and the ‘ownership’ of a computer (or a smartphone or a tablet, or – when the IoT, unfortunately, becomes a reality – any household appliance).

In short: buying a computer does not mean becoming its owner, because its usability depends on the strategies that producers of operating systems and software adopt to keep it running. The subject is certainly not new (Richard Stallman wrote about it at the dawn of free software), but today it has reached worrying dimensions.


Networks and national security. What software houses can do according to Prof. Monti

What do the anti-American, allegedly-Chinese espionage actions have in common with the death in Germany of a woman who would not receive prompt treatment because a ransomware attack paralysed the German hospital where her ambulance was heading? The analysis of Andrea Monti, adjunct professor of law and order and public security law, University of Chieti-Pescara – published initially in Italian by Formiche.net

If software were a military weapon

Software manufacturing is often compared to car building, and there are plenty of such analogies available, ranging from jokes to serious analysis.

A less considered match is the manufacturing of military weapons in contrast to sport weapons.

The history of the US Army contest that led Beretta to win over the German-Swiss Sig Sauer, thus securing the Italian company a rich supply contract for the “92” (renamed “M9” in the US Army naming system), is revealing.

The M9 was “the” most reliable gun on the market, being able to fire thousands of bullets without malfunctions, tough enough to stand against the harshest environmental conditions and easy to both operate and maintain. Soldiers could rely upon this weapon to get the job done and not be left alone in critical moments.

How much software (from firmware, to operating systems, to platforms) is built like a Beretta M9?

Autonomous-driving and liability: a brief taxonomy

Summary: If you really want to regulate the field of autonomous driving, it would be better to establish – at last – the criminal responsibility of those who produce software and put an end to those shameful clauses of the user licenses that say that “software is as is, and not suitable for use in critical areas”.

Discussing with Prof. Alessandro Cortesi on LinkedIn, an interesting debate emerged on the boundaries of legal responsibility for autonomous driving and on the relevance of ethical choices in the instructions to be given to the on-board computer of the vehicle to manage an accident.

Personally, in such a case, I find the use of ethics useless and dangerous.

Ethics is an individual fact which, through the political mediation of representatives of groups that share their own ethics, is translated into legally binding rules. If the State deals personally with ethics, it opens the door to crucifixions, burning and gas chambers.

On the “decision” in case of an accident: it is not the computer that “decides” but the man who programmed it who (even if only as possible malice / conscious guilt) takes responsibility for the degrees of autonomy (not decision) left to the software.

It is a fundamental and indispensable point not to transfer the legal consequences of behaviour from people to things.

Automatic driving cannot be allowed in such a way as to violate by default the laws that regulate driving (conduct which, as it complies with the law, is presumed to be harmless).

The point, if anything, is the management of the extraordinary event (the classic pedestrian who suddenly crosses): in this case – once again – the theme is the malfunctioning of the hardware or the bad conception, programming or interaction of the software, neither more nor less than what would happen in case of breakage of another component.

Moreover, when the machine loses control, there is no computer that can oppose the laws of physics.