lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <89953.1287770934@localhost>
Date: Fri, 22 Oct 2010 14:08:54 -0400
From: Valdis.Kletnieks@...edu
To: full-disclosure@...ts.grok.org.uk
Subject: Re: wikileaks still under attack,
	pressure revved up

On Thu, 21 Oct 2010 13:06:15 PDT, Jonathan Medina said:
> I am in the military, currently in Iraq, and these Wikileaks posts
> have hurt us more than people realize. It does two things, first, it
> demonstrates our tactics and procedures which allow insurgents to
> conduct more effective attacks against us,

I suspect that the insurgents already knew 90 to 95% of our tactics and
procedures simply by observing how we do things. After all, most of what we do
can be easily learned by a good scout with a vantage point and a good pair of
binoculars.  How far apart do we drive on a convoy?  Which armaments are
on the vehicles in front, at back?  Which directions do the lookouts on the
first and last vehicles tend to look?  What formations do we use during
house-to-house searches?  These are all things that any competent
commander has to assume the other side knows because the other side
has good scouts and access to binoculars.  Think - how much do *we*
know about insurgent tactics even without Wikileaks posting the
insurgent playbook?

As a result, even 100% perfect knowledge of our tactics wouldn't
translate into all *that* big an increase in attack effectiveness, unless
hidden in that 5% is a "ventilation shaft that leads directly to the reactor
core" flaw in our tactics ("Every 3rd Tuesday, we do XYZ and one very small
bomb in the right place would set off a chain reaction of all the munitions on
the base").

And if we have that sort of flaw in our tactics, maybe we should actually
fix them rather than depend on security through obscurity.

Just sayin'.

>                                                                  and second, the information
> it provides to insurgents endangers our sources and the families of
> sources that have provided us with valuable information. It also
> provides a means of giving insurgents propaganda to use against us.

I believe the "endangers our sources" part has already been debunked
by the top leadership at the Pentagon.

Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ