lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 6 Jul 2010 19:36:07 -0700
From: "Tomas L. Byrnes" <tomb@...neit.net>
To: "coderman" <coderman@...il.com>
Cc: funsec@...uxbox.org, full-disclosure@...ts.grok.org.uk,
	Joel Esler <joel.esler@...com>, Gadi Evron <ge@...uxbox.org>
Subject: Re: [funsec] The Economist, cyber war issue

Wow, such grandiloquism!

> -----Original Message-----
> From: coderman [mailto:coderman@...il.com]
> Sent: Tuesday, July 06, 2010 7:04 PM
> To: Tomas L. Byrnes
> Cc: Joel Esler; Gadi Evron; funsec@...uxbox.org; full-
> disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] [funsec] The Economist, cyber war issue
> 
> On Tue, Jul 6, 2010 at 3:58 PM, Tomas L. Byrnes <tomb@...neit.net>
> wrote:
> > ...
> > So the solution is to take what is currently an NP-complete problem
> for
> > individual nodes: string matching and behavioral analysis; and turn
> it
> > into a bounded problem across all participating nodes
> 
> that method is only applicable to a small and less useful set of
> measurements / modeling of critical infrastructure. 
[Tomas L. Byrnes] 
I strongly disagree. Since the vector of source attack against most CI
is from the "great unwashed" protecting the "great unwashed" from being
turned into zombies, or at least, if they are zombies, from being
controlled, is a major public benefit.


there is rarely
> need to consider the minutiae of so many small details. (though
> NSA/DIA would argue otherwise ;)
[Tomas L. Byrnes] 
You assume that they are concerned, as opposed to merely grab
everything, and apply signal processing to find the signal in the noise.

> 
> for the majority of targeting you need only concern yourself with the
> larger path / node aggregation points to discern the few points /
> paths of interest. the few points referring to power and other law
> distributions applicable to critical infrastructure network topology
> across every industry.

[Tomas L. Byrnes] 
There's even a patent app on it, owned by AT&T: USPTO app 20060031575






_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ