The Implications of a Centralized App Store and Centralization in General: Single Point of Failure
As always, one should be very careful in installing any software. My own policy is “only the absolute essentials needed for my work”.
MacWorld Magazine reports “Researchers find more versions of digitally signed Mac OS X spyware.”
The malware was initially discovered last week on the Mac laptop of an Angolan activist at the Oslo Freedom Forum, a human rights conference in Norway, by security researcher and privacy activist Jacob Appelbaum.
The most interesting aspect of KitM is that it was signed with a valid Apple Developer ID, a code-signing certificate, issued by Apple to someone named “Rajinder Kumar.” Applications signed with a valid Apple Developer ID bypass the Gatekeeper security feature in Mac OS X Mountain Lion, which verifies the origin of files to determine whether they pose any risks to the system.
Worrisome. I would like to hear Apple’s position on what has happened here. One does have to count on Apple’s vetting process for developers, which I do not want to count on myself.
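Gatekeeper only checks that the signature chains to a valid Developer ID, so the identity of the signer is the thing left to check yourself. As an added example (not from the article or from Apple), this script parses the kind of output `codesign -dvvv <app> 2>&1` prints and compares the TeamIdentifier against a local allowlist; the sample output and the team IDs are constructed placeholders.

```shell
#!/bin/sh
# Added example: a valid Developer ID satisfies Gatekeeper, so compare the
# signer's team ID against an allowlist you maintain. The text below is a
# constructed sample of `codesign -dvvv` output; "ABCDE12345" and "FGHIJ67890"
# are placeholder team IDs, not real ones.
SAMPLE_CODESIGN_OUTPUT='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=1234 flags=0x0(none) hashes=30+5 location=embedded
Signature size=8936
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345'

# Team IDs you have decided to trust (placeholders).
ALLOWED_TEAM_IDS='ABCDE12345 FGHIJ67890'

# signer_team_id <codesign output>: print the TeamIdentifier line's value,
# or nothing for unsigned / ad-hoc signed binaries.
signer_team_id() {
    printf '%s\n' "$1" | sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# signer_allowed <codesign output> <space-separated allowlist>:
# exit 0 only if the signer's team ID is on the allowlist.
signer_allowed() {
    team=$(signer_team_id "$1")
    [ -n "$team" ] || return 1
    for allowed in $2; do
        [ "$team" = "$allowed" ] && return 0
    done
    return 1
}

if signer_allowed "$SAMPLE_CODESIGN_OUTPUT" "$ALLOWED_TEAM_IDS"; then
    echo "signer $(signer_team_id "$SAMPLE_CODESIGN_OUTPUT") is on the allowlist"
else
    echo "signature chains to Apple, but the signer is not on the allowlist"
fi
```

On a real system, replace the sample with the captured output of `codesign -dvvv` on the bundle; a signature that validates but comes from an unexpected team ID is exactly the case Gatekeeper alone does not flag.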
The broader issue
The implications here go far beyond this case.
Do you put all your money and all your assets in one bank/broker? All your assets into one stock or bond? Why not?
As the Net and 'Cloud' become increasingly centralized and concentrated, the risks grow exponentially: massive physical data centers (physical attack) and massive virtual services (Apple AppStore, Amazon S3, etc). What a juicy prize (to a hacker).
Beyond any form of denial of service (blowing up a data center or cutting its power or data lines), and beyond taking out a specific service with a massive 'bot' attack, there are far more damaging possibilities.
Consider the “emperor’s clothes” hazard of placing all your trust in a single party like Apple: with system updates and application downloads, compromising the Apple services or Apple digital signing process doesn’t just mean your machine might be compromised, it means 100 million or more. Or whatever. Talk about a mess (and I’m not singling out Apple here). And the risks include governments too, not just organized brilliant hackers. What about a secret court order? Low odds of an “event” (we hope), but with massive potential for compromised systems.
No problem, just restore your system from... the central server!
As network researchers have shown, failure of even a few nodes of a global network can effectively take down the entire network in ways that are hard to imagine or even fathom. So in general, I look with unease on the way online services are trending and the rental of software from centralized servers.
I am not in favor of a centralized computing approach any more than I like the idea of having one huge power plant lighting up half a state— it’s just bad design, because there is no fault tolerance when everything relies on one provider.
In the ugly world we live in, the reality is that “cutting one cord” (using that figuratively) could take down the entire country economically, and put at risk millions of people as water, food and power are cut off by failure of power or transportation systems. As the ugliest case, consider an EMP pulse from a North Korean missile high in the atmosphere. But one need not worry about extremes to see that less extreme events could have very big implications.
UPDATE: events after I wrote the above have exposed the tip of the privacy iceberg and the sleazy underworld: the Snowden affair (massive constitutionally dubious government spying). Apple has issued a statement on customer privacy, but of course this is fairly meaningless in the context of secret court orders, and probably completely meaningless in some countries.