Re: Perversion attacks
Dan Clemmensen (dgc@shirenet.com)
Tue, 29 Oct 1996 18:59:57 -0500
Anders Sandberg wrote:
>
> On Sat, 26 Oct 1996, Dan Clemmensen wrote:
>
> > Interesting. Both Lyle and Anders have objected to my scenario of
> > the "transcendence" of an SI by takeover of the internet by a program
> > that uses the computing resources to augmemt its own intelligence.
>
> Was that what you meant? I had the impression you was talking about the
> Vinge use of the term (roughly "Sneaky take-over of vital systems, and
> then using them against somebody").
>
I don't completely understand the distinction, unless it's in the idea
that
"somebody" must be an enemy. In the scenario I favor, the intent is to
use
the computing resources to augment the intelligence. The effect may be
to
deny the computing resources to others, or the SI may elect to stay
covert by
only using otherwise-unused resources.
> > This scenario occurs in Vinge's "True Names" as the result of a defense
> > against a perversion attack. One of my underlying assumptions is that
> > the internet is vulnerable to such an attack, and that the first atacker
> > will win. It isn't really a war at all. Further, the result may not be
> > negative.
>
> Well, that depends on the possibility to self-augment using computing
> resources. While computer security is full of holes everywhere, it isn't
> that bad - cracking into computers to get more computing power is
> non-trivial and takes time, even for an SI. The idea that a sufficiently
> smart being could crack everything is a myth.
>
This depends strongly on how intelligent the SI becomes. Breaking into a
system is reputed to require intelligence and persistence. Frequently, a
clever idea can reduce the amount of brute-force computing needed to
solve
a security problem. If the "True Names" augmentation scenario is valid,
then
the SI will become progressively more capable of generating the
appropriate
clever ideas. Clearly the proper strategy is to start by acquiring the
(nearly) undefended systems, then using them to augment the SI to let it
acquire the slightly better-defended systems, and so forth. Many system
are
essentially undefended, because the perceived cost of a penetration is
less than
the system administrator's perceived cost of defending the system. As a
quick reality check on this, when did you last change your password? Is
your
new password a combination of your spouse's initials and digits from
your
telephone number? (A substantial percentage of passwords are.) Are your
files read-protected against other users? As you point out, computer
security
is full of holes (nearly) everywhere. As it happens, a fairly minor hole
is all
it takes to permit a major penetration to occur. I personally hope the
SI is
benign. I think that's the only hope for all other intelligences,
including me.
The only computers for which easy cracking is a myth are those with
administrators
who really care, or those that are not on the net. I believe that this
comprises a
small subset of the computers on the net.