In this episode of the podcast (#187), sponsored by Virsec, we talk with journalist and author Cory Doctorow of BoingBoing.net about the recent GE Filtergate incident and how DRM is invading our homes. Also, Satya Gupta the Chief Technology Officer of the firm VirSec joins us to talk about how application runtime monitoring is gaining traction in the age of DevSecOps and left-shifted security.
DRM: An Invitation to Mischief
Back when it passed in the 1990s, the Digital Millennium Copyright Act was about protecting songs, video games and movies from digital piracy. Thirty years later, however, the DMCA’s prohibition on tampering with digital locks has been used by manufacturers of all kinds of devices to create de-facto digital monopolies on parts and services. The same digital rights management (or DRM) technology that more or less dictates what kind of replacement ink cartridge you can put in your printer may soon compel you to use only your automaker’s preferred tire when you get a flat, or manufacturer-approved bread for your smart toaster. That’s a scenario our guest this week has posited. Cory Doctorow is a journalist, the editor of the site Boing Boing and the author of books like Homeland, Down and Out in the Magic Kingdom and Little Brother.
In this conversation Cory and I talk about the insidious spread of DRM and digital monopolies. We discuss one recent example of this, the so-called GE Filtergate incident, which saw a fridge owner going to great lengths to circumvent the GE-implanted RFID tags in GE-approved water filters.
To start off, Cory talks about how we got here and how the notion of digital rights has evolved in the last thirty years – essentially criminalizing the circumvention of copyright protections. That, Cory says, is an “invitation to mischief.”
Shifting Left with Application Runtime Monitoring
In our second segment: information security has a scale problem. Simply put: there are too many threats, and too many threat actors for cyber defenders to keep up. Despite vast improvements in defensive technologies and so-called “incident response,” the bad guys are adapting as well – and staying one step ahead.
Many propose that the solution to this is more automation: using computers guided by machine learning and artificial intelligence to do the work of scarce human operators. But such approaches carry real risks. Among them: false positives and false negatives, not to mention the unplanned downtime each creates.
Our next guest says a better approach may be to stop playing whack-a-mole with attackers and instead focus on what matters: ensuring that code behaves as it was intended to. Satya Gupta is the CTO at the firm VirSec. In this conversation, he and I talk about how the firm started, in the wake of the SQL Slammer outbreak, and how technologies like application runtime mapping are taking on new relevance in the age of DevSecOps and “shift left.”
(*) Disclosure: This podcast was sponsored by VirSec. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.
As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.