| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 18 Oct 2013 08:10:48 +0100 From: Scott Herbert <scott.a.herbert@...glemail.com> Cc: cpunks <cypherpunks@...nks.org>, Full Disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: Foreign Intelligence Resistant systems [was Re: reasonable return on investment; better investments in security [....]] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Breathe... But yes all governments it appears are at it. Remember APT1 and the Estonia take-down by Russia. Sadly I can see a day where membership of an international list like these, is considered akin to spying for everyone else. Sigh. coderman <coderman@...il.com> wrote: >i must amend this prior advice. > >in addition to legal protections, educational support, and competitive >programs, > >also provide: >- direct and unrestricted backbone access to various individuals or >groups who demonstrate competence in either the educational or >competitive realms, in order for them to mount additional attack >strategies against any reach-able target. this access must consist of >both passive taps of backbone traffic as well as injection taps for >raw packet transmission at core rates. this should be available on the >Internet backbone at internet exchanges, private fiber through public >right of way, and core networks of operators of licensed wireless >spectrum. > > >a side benefit of implementing these reforms would be the de-facto >de-funding of offensive network operations by third parties or >governments. the cost to keep ahead of such a widespread, popular, and >distributed effort would be enormous, and provide continually >decreasing returns. > > >... getting there is much more complicated of course. *grin* > > >--- > > >On Sun, Apr 21, 2013 at 1:29 PM, coderman <coderman@...il.com> wrote: >> On Fri, Apr 19, 2013 at 1:26 PM, <paul.szabo@...ney.edu.au> wrote: >>> ... >>> > 2012-02-15 - Vulnerability Discovered by VUPEN >>> > 2013-03-06 - Vulnerability Exploited At Pwn2Own 2013 and Reported >to Adobe... >>> >>> Is a delay of a year before reporting to the vendor, acceptable? >> >> >> three years or more is better of course! i would not be disappointed >> with a dozen months, however. >> alas external factors (especially when licenses are non-exclusive) >> complicate longevity of weaponized exploits... >> >> >> if you really want to improve security: >> a) remove all criminal and civil liability for "hacking", computer >> trespass, and all related activities performed over data networks; >> establish proactive "shield" legislation to protect and encourage >> unrestricted security research of any subject on any network. extend >> to international agreements for blanket protection in all >> jurisdictions. >> b) establish lock picking, computing, and hacking curriculum in pre >> school through grade school with subsidized access to technical >> resources including mobile, tablet, laptop test equipment, grid/cloud >> computing on-demand, software defined radios with full >> receive/transmit, and gigabit internet service or faster. >> c) organize a program of blue and red teaming challenges for >> educational and public participation at the district, regional, and >> national level cultivating expertise and rewarding it with hacking >> toys, access, and monies. >> >> if implemented, i can guarantee a significant and measurable >> improvement in the security posture of the systems that remain in >> such an environment. > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ - -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. -----BEGIN PGP SIGNATURE----- Version: APG v1.0.9 iQFMBAEBCAA2BQJSYN73LxxTY290dCBIZXJiZXJ0IDxzY290dC5hLmhlcmJlcnRA Z29vZ2xlbWFpbC5jb20+AAoJEJHf3PUjVwdRJ08H/09c9UtHcJ2sURyXdILyo86Q zK9K4lt79HHPncVT2iZthg6lLeQkWptGrHBDGN9BU+RE/cbpHkaMBHuQB9tDA5xm Yrn2new55Y9JvEDuQzwDKMPbtjTcBx9vtCNGvQhnGwMyid6pIkaDs8NqSrbRLQ3c P0Knhxz4KWCQxNUpqakrHkm/HwzK6tX1va5WyREOxVjoaodzBroM2HtHhm6BjPn4 xgfYIsiAyoZIAlQTVNfi0iEfM0Oj+IGWPZngAA1qIjUJdMvkkRE9EQX3ggHeYLTc WN2A+dLvI17jqXqt2awsdrFLCy38lHYfeM7iOCUB1sAxHSGb92CcskMaQXXt11s= =sp3K -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists