[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <cef6b7a4-25ab-4003-a33a-7fdcc975e9fe@email.android.com>
Date: Fri, 18 Oct 2013 08:10:48 +0100
From: Scott Herbert <scott.a.herbert@...glemail.com>
Cc: cpunks <cypherpunks@...nks.org>,
Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Foreign Intelligence Resistant systems [was
Re: reasonable return on investment;
better investments in security [....]]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Breathe...
But yes all governments it appears are at it. Remember APT1 and the Estonia take-down by Russia.
Sadly I can see a day where membership of an international list like these, is considered akin to spying for everyone else.
Sigh.
coderman <coderman@...il.com> wrote:
>i must amend this prior advice.
>
>in addition to legal protections, educational support, and competitive
>programs,
>
>also provide:
>- direct and unrestricted backbone access to various individuals or
>groups who demonstrate competence in either the educational or
>competitive realms, in order for them to mount additional attack
>strategies against any reach-able target. this access must consist of
>both passive taps of backbone traffic as well as injection taps for
>raw packet transmission at core rates. this should be available on the
>Internet backbone at internet exchanges, private fiber through public
>right of way, and core networks of operators of licensed wireless
>spectrum.
>
>
>a side benefit of implementing these reforms would be the de-facto
>de-funding of offensive network operations by third parties or
>governments. the cost to keep ahead of such a widespread, popular, and
>distributed effort would be enormous, and provide continually
>decreasing returns.
>
>
>... getting there is much more complicated of course. *grin*
>
>
>---
>
>
>On Sun, Apr 21, 2013 at 1:29 PM, coderman <coderman@...il.com> wrote:
>> On Fri, Apr 19, 2013 at 1:26 PM, <paul.szabo@...ney.edu.au> wrote:
>>> ...
>>> > 2012-02-15 - Vulnerability Discovered by VUPEN
>>> > 2013-03-06 - Vulnerability Exploited At Pwn2Own 2013 and Reported
>to Adobe...
>>>
>>> Is a delay of a year before reporting to the vendor, acceptable?
>>
>>
>> three years or more is better of course! i would not be disappointed
>> with a dozen months, however.
>> alas external factors (especially when licenses are non-exclusive)
>> complicate longevity of weaponized exploits...
>>
>>
>> if you really want to improve security:
>> a) remove all criminal and civil liability for "hacking", computer
>> trespass, and all related activities performed over data networks;
>> establish proactive "shield" legislation to protect and encourage
>> unrestricted security research of any subject on any network. extend
>> to international agreements for blanket protection in all
>> jurisdictions.
>> b) establish lock picking, computing, and hacking curriculum in pre
>> school through grade school with subsidized access to technical
>> resources including mobile, tablet, laptop test equipment, grid/cloud
>> computing on-demand, software defined radios with full
>> receive/transmit, and gigabit internet service or faster.
>> c) organize a program of blue and red teaming challenges for
>> educational and public participation at the district, regional, and
>> national level cultivating expertise and rewarding it with hacking
>> toys, access, and monies.
>>
>> if implemented, i can guarantee a significant and measurable
>> improvement in the security posture of the systems that remain in
>> such an environment.
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
- --
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
-----BEGIN PGP SIGNATURE-----
Version: APG v1.0.9
iQFMBAEBCAA2BQJSYN73LxxTY290dCBIZXJiZXJ0IDxzY290dC5hLmhlcmJlcnRA
Z29vZ2xlbWFpbC5jb20+AAoJEJHf3PUjVwdRJ08H/09c9UtHcJ2sURyXdILyo86Q
zK9K4lt79HHPncVT2iZthg6lLeQkWptGrHBDGN9BU+RE/cbpHkaMBHuQB9tDA5xm
Yrn2new55Y9JvEDuQzwDKMPbtjTcBx9vtCNGvQhnGwMyid6pIkaDs8NqSrbRLQ3c
P0Knhxz4KWCQxNUpqakrHkm/HwzK6tX1va5WyREOxVjoaodzBroM2HtHhm6BjPn4
xgfYIsiAyoZIAlQTVNfi0iEfM0Oj+IGWPZngAA1qIjUJdMvkkRE9EQX3ggHeYLTc
WN2A+dLvI17jqXqt2awsdrFLCy38lHYfeM7iOCUB1sAxHSGb92CcskMaQXXt11s=
=sp3K
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists