Home https://server7.kproxy.com/servlet/redirect.srv/sruj/smyrwpoii/p2/ Technology https://server7.kproxy.com/servlet/redirect.srv/sruj/smyrwpoii/p2/ Youtube's "hacking techniques" ban threatens to close all infosec Youtube / Boing Boing

Youtube's "hacking techniques" ban threatens to close all infosec Youtube / Boing Boing

Occasionally, companies could insist – with a pretty face – that the real problem with the security flaws in their products was the researchers who went public with them and warned customers and users that the products they trusted were not trustworthy.

Then came the modern infosec movement, where hactivists and scientists began giving businesses a small grace period before they went public, while still rejecting the whole idea of ​​"security through turmoil". If your security depends on no one else independently rediscovering the errors you've identified, you'll be very disappointed ̵

1; just ask any American city that pays for ransomware crawling to get a defect that the NSA kept secret so they could use it against "bad guys".

Infosec's crossword is "sunlight is the best disinfectant." If you want to prove that a product is really defective, it is not enough to make the claim: back up demos that everyone else can replicate – otherwise companies will immediately call you a liar and assure their customers if there is nothing to worry about about.

Yesterday, Youtube froze Kody Kinzie's long-standing Cyber ​​Weapons Lab channel with reference to a policy that prohibits "Instructional and phishing: Shows users how to bypass secure computer systems." He now has a "strike" that prevents him from uploading new videos.

It may sound like a commonsense measure, but consider: the "evil" can find out for themselves. The two groups that really benefit from this information are:

first Users who are told which systems they should and should not trust; and

2nd Developers who learn from other developers' blunders and improve their own safety.

Youtube, which prohibits security information, does not make the products more secure, nor does it prevent the attackers from exploiting errors – but it will mean that users will be the last to know that they have have been trusted in wrong businesses and that developers will continue to make the same stupid mistakes … forever.

( via four short links )

<! –

Cory Doctorow

I'm writing books. My latest is: a YA graphic novel called In Real Life (with Jen Wang); a nonfiction book on the art and the internet called information will not be free: laws for the internet age (with introductions of neil gaiman and amanda palms) and a ya science fiction novel called homeland (that is the successor to the little brother). I speak everywhere and I tweet and tumble too.


Source link