
Bruce Schneier: We're sleepwalking to digital disaster we're too dumb to stop - munkiepus
http://www.theregister.co.uk/2016/03/02/sleepwalking_towards_digital_disaster/
======
jmnicolas
I don't see why it would be different for personal digital security than in
the physical world.

Nowadays a house is no more protected against break-ins than a hundred years
ago.

Usually people install an alarm system after the first break-in (ask me how I
know ;-) and hope it will be enough. It usually is.

I think some companies will sell a kind of home firewall that will protect
your vulnerable IOT things. It will be vulnerable too but like a physical
alarm system raise the bar for the would be attacker.

The infosec guys all seem to think like soldiers at war and believe that if a
breach happen, game over you lost forever.

For normal people, a digital security breach like with a break-in sucks, it
costs money but life goes on, you just adapt your security to the most common
threat and according to your budget while knowing that a sufficiently
determined attacker will ALWAYS gets his way.

I still hate those IOT things though ;-)

~~~
djaychela
I don't think the two compare that closely.

Generally, if you get robbed (in the UK at least) then people are looking for
high-value, easily-fenced items that they can sell off, and that's it. I live
in a borderline rough area of a decent town, and have been burgled - my
neighbours more than once, so alas speak from experience and from what the
Police have told me. They don't tend to go upstairs and nick your diary or
your list of passwords, etc.

Being robbed in the virtual world can be much worse - while there may be no
physical loss in many cases, having your identity truly stolen and the losses
you get from it can devastate your life for years to come - spending a lot of
time dealing with issues which the robbers created, such as poor credit, etc.
And these attacks can come from anywhere in the world. You need to be
physically present to be a burglar. To ream someone via an IoT security flaw,
you can be anywhere. And given some of the "how did they miss that" security
flaws in many such devices, it's leaving people wide open to all sorts of new
attacks.

Plus there's also the parallel of people defecating in the houses they've
robbed - it's a piece of cake to delete someone's photos, videos and backups,
leaving them completely bereft of something that has no monetary value, but
which has an immense sentimental one.

~~~
astrodust
Being robbed in the virtual world isn't like losing your silverware. It's like
being robbed of your very existence.

~~~
dave2000
Uh, no. That would be murder.

~~~
astrodust
If you're murdered you at least have an estate. Identity theft can, in some
ways, be worse than that. You may end up having to fight to have a single cent
to your name.

~~~
dave2000
There's not a single identify theft victim who has ever or will ever rather
they'd been murdered.

