Re: NIPC Daily Report, 30 October 2001

From: Crispin Cowan (crispin@private)
Date: Fri Nov 02 2001 - 12:25:05 PST

  • Next message: Christiansen, John R.: "RE: Sign of the times?"

    Heidi wrote:
    
    >It is very apparent from the recent postings, that there is a lot of
    >frustration going on here.  There are a lot of smart people in this group,
    >perhaps everyone's energies could be put to better use, by thinking of ways
    >to better the situations at hand, i.e., ideas for stopping DoS attacks
    >"before" they reach the intended target,(is this possible? I am just
    >learning)
    >
    It is just barely possible. The technology has to be deployed high up in 
    the network infrastructure, e.g. next to backbone routers. Companies 
    developing such technologies include Captus Networks 
    http://www.captusnetworks.com/ (who sponsored the RAID workshop last 
    month http://www.raid-symposium.org/raid2001/ ) and Asta Networks 
    http://www.astanetworks.com/ (founded by Stefan Savage, a friend of mine 
    who did his PhD research at U.Washington in Seattle 
    http://www.astanetworks.com/company/team/stefan.html )
    
    > and coming up with useful comments about airport and other
    >security that may actually be used, rather than cutting down the system in
    >use at present.
    >
    It is *fundamental* to good security design to criticize methods that 
    are claimed to be secure, but are not. Failure to do so leads to a false 
    sense of security, which in turn leads to attackers unexpectedly 
    violating security. This is PRECISELY how the attackers took out the 
    WTC.  "All that is required for evil to triumph is for good men to do 
    nothing" --Edmund Burke
    
    So you see, it is our sacred duty to bitch & moan about other people's 
    crappy security :-)  More constructively, we should all look to our own 
    security procedures and ensure that they are as good as we think they 
    are. Take criticizm in a constructive light, and look to improve your 
    methods accordingly.  Issue criticizm in a polite and constructive tone, 
    pointing out the flaws, and leaving out the ad homenims.
    
    > Yes, they may be taking away nail clippers, but you do have
    >other more effective ways to defend yourself and help others on the airplane
    >if you are in a threatened situation. Certainly with the smart people in our
    >group, there must be some good ideas out there for helping to improve
    >things.  A side note; we have over 35 million laws trying to enforce 10
    >commandments. Heidi
    >
    I have problems with a bunch of those commandments. Fully half of them 
    are non-portable religion-specific doctrine: I fail to keep the sabath 
    and take the Lord's Name in vain on a regular basis :-)  Unless you 
    meant these commandments 
    http://www.lysator.liu.se/c/ten-commandments.html (which by the way are 
    topical to CRIME)
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc. http://wirex.com
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:29:37 PDT