On Sun, 27 Jun 2004, J.A. Terranson wrote:
Even if this is doable, it is out of reach of Jane Citizen.
If a J. Random Hacker with the necessary capabilities is within her reach, the countermeasure is available to her regardless of her own tech skills.
You assume that Jane's only problem is equipment procurement. Alas, Jane's biggest problem has not changed much in the last 100 years: knowledge. Jane doesn't know this is an issue that she might need help with.
We have a large unwitting helpmate: the Media. Their primary motivation is the eyeballs, the Nielsen ratings, which can be exploited for Spreading The Word. Technology, while difficult to understand for mere mortals, together with its handlers, has its appeal - not entirely dissimilar to witchcraft of the Medieval Times; see the popularity of the topic of computer security breaches among journalists. They will get it wrong. But Jane can be corrected; the important task for the Media is to make her aware of the possibility and get her to ask. At that stage, the incorrectness in the media reporting can be corrected. If Jane becomes aware of at least a subset of the possibilities, the Media did their job.
With continuing outsourcing, there should be enough out of work engineers available who are sufficiently hungry to risk working for the underground market.
I've wondered over the last several years why such a market has not been more openly extant. This thought has occurred to me many times since the late 70's - the stuff you want is available, but barely, even if "legal".
It's not as wide as it should be. However, it's far from nonexistent; there are e.g. alternative firmwares for DVD drives, with stripped zoning, firmwares for cellphones with removed operator lock, and many other goodies. I suppose the fundamental problem here is the lack of skilled-enough people, combined with closed technology; it's rather difficult to disassemble a program from binary, takes a lot of time and in many cases is impractical. Another problem is the technology with which the electronics is being manufactured now: everybody can work with 2.54mm DIL chips, not everybody can work with 0.125mm SMD chips, and only a select few have access to the technology necessary for BGA chips. :(
This could be partially offset by some hypothetical new generation of visual disassemblers, showing code not as an endless stream of instructions but as a graphical representation of the execution flow, perhaps using some tricks from atomic-level visualisation of huge and complex biochemical structures, e.g. proteins and intracellular structures. Another hope, a closer and more realistic one, is in the emergence of smaller manufacturers, voluntarily opening their devices in the hope of market advantage (the Linksys box mentioned here may be a good example).
The remaining problem is the hardware level. Hopefully somebody with enough skills and a good idea appears (or perhaps already appeared) and designs a way to make working with the tiny chips easier for a garage workshop; there are trends along this direction already, I saw a mention of a reflow oven for SMD boards, made of a toaster.
Never lose hope, and never stop doing things. If you can't solder, code. If you can't code cryptosystems, code tools. If you can't code at all, write articles and spread awareness. If you can't even write, talk with friends. If you don't have any suitable friends, at least read and learn yourself. Even an otherwise meaningless act may mean a lot if it comes at the "wrong" place and the "wrong" time.
See the "Patriot Ants" approach I mentioned a couple of weeks ago in the Zombie Patriots thread.