Eugene Leitl wrote:
>
> In fact, the longer it takes before the worm strikes, the more
> dramatic will the effects be. If the worm strikes a decade from now,
> y2k will look like an infinitesimally small beer in comparison.
>
> How can one address it? TCP/IP is too complex to be implemented in
> hardware, and protocol stacks cannot be made secure. Even if, there
> is still the application layer. Even security by obscurity (system
> diversity, which is not necessarily an observable trend) won't help if
> the code is smart enough to discover exploits autonomously.
>
> Does anybody see any workaround against this? I don't.
>
One "simple" counter is to only run code that you have the source
for and that you compiled yourself. This isn't perfect, but
open-source code has a lot more eyes looking for and fixing
vulnerabilities. A more difficult counter is to modify the
hardware and/or compilers to remove certain common exploits.