lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 7 Jul 2010 01:10:08 -0700
From: coderman <coderman@...il.com>
To: "Tomas L. Byrnes" <tomb@...neit.net>
Cc: funsec@...uxbox.org, full-disclosure@...ts.grok.org.uk,
	Joel Esler <joel.esler@...com>, Gadi Evron <ge@...uxbox.org>
Subject: Re: [funsec] The Economist, cyber war issue

On Tue, Jul 6, 2010 at 7:36 PM, Tomas L. Byrnes <tomb@...neit.net> wrote:
> ... the vector of source attack against most CI
> is from the "great unwashed"

character of attacks i have observed using the "great unwashed" vuln. vector:
- inconsequential (in a war context) DDoS outages of various specific
targets or paths. if Twitter or eBay is down by DoS it's not a
national emergency nor decisive in conflict.
- unwashed technical incompetence. YouTube down by BGP FUBAR is not a
national emergency nor decisive in conflict. etc.,

i can, however, cite many examples from over 433 telecommunications
fiber sever / outage incidents since 2005 where a large swath of the
population / network is affected by spontaneous failure of presumably
redundant physical paths (right-of-way, path diversity) that weren't
separate or otherwise failed unexpectedly.  rework a well tuned model
for an intelligent, targeted attack and you see how cost effectiveness
at high degrees is absurdly lopsided...
(when you compare a YouTube outage annoyance to serious mass freak-out
over 911, debit/banking, visa, long distance, cross NPA local,
emergency service dispatch, and other critical services just "going
dead..." it's also clear how the practical implications differ greatly
at these scales as well.)


you seem to assume i am pulling claims out of airs; perhaps. perhaps
i've got a bit more analysis behind these assertions. ... if you want
to get technical ...

...

:P

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ