| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Jul 2010 15:58:29 -0700 From: "Tomas L. Byrnes" <tomb@...neit.net> To: "coderman" <coderman@...il.com> Cc: funsec@...uxbox.org, full-disclosure@...ts.grok.org.uk, Joel Esler <joel.esler@...com>, Gadi Evron <ge@...uxbox.org> Subject: Re: [funsec] The Economist, cyber war issue > -----Original Message----- > From: coderman [mailto:coderman@...il.com] > Sent: Sunday, July 04, 2010 1:43 PM > To: Tomas L. Byrnes > Cc: Joel Esler; Gadi Evron; funsec@...uxbox.org; full- > disclosure@...ts.grok.org.uk > Subject: Re: [Full-disclosure] [funsec] The Economist, cyber war issue > > On Fri, Jul 2, 2010 at 10:30 PM, Tomas L. Byrnes <tomb@...neit.net> > wrote: > > ... > > What is needed is a cyberspace version of an armed citizenry. > > what is needed is preparedness and rapid repair. [Tomas L. Byrnes] That would be part of my definition of " a cyberspace version of an armed citizenry" the science and > you > won't survive with top down prescriptive remedies. > [Tomas L. Byrnes] Agreed wholeheartedly. It was kind of my point. > resilience as emergent property of preparedness in process and > property is the only rational approach. this implies forethought and > competence, which is sorely lacking in any technical endeavor > involving the public gamut. > [Tomas L. Byrnes] Not sure I agree there. I think the real problem is resources. It's just too plain complex and expensive for the average Joe/Jose/Jean etc. to stay on top of things. > a million Sarah Palins with "cyberweapons" to protect the populace? > [Tomas L. Byrnes] Nope, hundreds of millions of people protecting their own property, and sharing information with each other, and thereby a network effect of protecting their neighbors and the 'net at large. It works very well where concealed carry is allowed as well, btw, as even those who don't carry are protected by the disruption to criminals plans caused by the lack of knowledge of who is and isn't armed. > > > > Pardon my arrogance [ignorance],.. > the math doesn't lie... > [Tomas L. Byrnes] So the solution is to take what is currently an NP-complete problem for individual nodes: string matching and behavioral analysis; and turn it into a bounded problem across all participating nodes: analysis of WHO is bad (out of the 4B IPs, and order of magnitude smaller number of connected networks), NOW, and share that information in an actionable timeframe. It won't stop all attacks, but it will clamp them faster, and limit the window of vulnerability. That's what ThreatSTOP was built to do. > P.P.S. the "War in the fifth domain" article at least touches on these > realities, while the "Cyberwar" leader is utter trash. [Tomas L. Byrnes] The article itself is a decent "survey" article, skipping like a stone across the surface of the issue. The conclusion: it's time for "arms control" on the Internet, is neither practical, nor even supported by the article's text. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists