| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Oct 2010 23:44:04 +0100
From: "Cal Leeming [Simplicity Media Ltd]"
<cal.leeming@...plicitymedialtd.co.uk>
To: full-disclosure@...ts.grok.org.uk
Subject: Fwd: wikileaks still under attack,
pressure revved up
You do raise a very good argument, especially the part about "security
through obscurity".
I don't know if Wikileaks have done a good thing or not, but rather than
release everything, they should have had someone analyse the documents, and
pick out the bits which they felt the public needed to know (anything
considered a scandal etc) .. We don't care about soldiers movements or
tactics, but an insurgent might... I see little reason why they'd need to
release all the documents, other than out of lazyness/insufficient staff to
review all the info..
On Fri, Oct 22, 2010 at 7:08 PM, <Valdis.Kletnieks@...edu> wrote:
> On Thu, 21 Oct 2010 13:06:15 PDT, Jonathan Medina said:
> > I am in the military, currently in Iraq, and these Wikileaks posts
> > have hurt us more than people realize. It does two things, first, it
> > demonstrates our tactics and procedures which allow insurgents to
> > conduct more effective attacks against us,
>
> I suspect that the insurgents already knew 90 to 95% of our tactics and
> procedures simply by observing how we do things. After all, most of what we
> do
> can be easily learned by a good scout with a vantage point and a good pair
> of
> binoculars. How far apart do we drive on a convoy? Which armaments are
> on the vehicles in front, at back? Which directions do the lookouts on the
> first and last vehicles tend to look? What formations do we use during
> house-to-house searches? These are all things that any competent
> commander has to assume the other side knows because the other side
> has good scouts and access to binoculars. Think - how much do *we*
> know about insurgent tactics even without Wikileaks posting the
> insurgent playbook?
>
> As a result, even 100% perfect knowledge of our tactics wouldn't
> translate into all *that* big an increase in attack effectiveness, unless
> hidden in that 5% is a "ventilation shaft that leads directly to the
> reactor
> core" flaw in our tactics ("Every 3rd Tuesday, we do XYZ and one very small
> bomb in the right place would set off a chain reaction of all the munitions
> on
> the base").
>
> And if we have that sort of flaw in our tactics, maybe we should actually
> fix them rather than depend on security through obscurity.
>
> Just sayin'.
>
> > and
> second, the information
> > it provides to insurgents endangers our sources and the families of
> > sources that have provided us with valuable information. It also
> > provides a means of giving insurgents propaganda to use against us.
>
> I believe the "endangers our sources" part has already been debunked
> by the top leadership at the Pentagon.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
Cal Leeming
Operational Security & Support Team
*Out of Hours: *+44 (07534) 971120 | *Support Tickets: *
support@...plicitymedialtd.co.uk
*Fax: *+44 (02476) 578987 | *Email: *cal.leeming@...plicitymedialtd.co.uk
*IM: *AIM / ICQ / MSN / Skype (available upon request)
Simplicity Media Ltd. All rights reserved.
Registered company number 7143564
--
Cal Leeming
Operational Security & Support Team
*Out of Hours: *+44 (07534) 971120 | *Support Tickets: *
support@...plicitymedialtd.co.uk
*Fax: *+44 (02476) 578987 | *Email: *cal.leeming@...plicitymedialtd.co.uk
*IM: *AIM / ICQ / MSN / Skype (available upon request)
Simplicity Media Ltd. All rights reserved.
Registered company number 7143564
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists