Re: NIPC Daily Report, 30 October 2001

From: Heidi (mcps@private)
Date: Fri Nov 02 2001 - 14:27:37 PST


    Thank you Crispin, you always seem to come back with some very good comments
    and make good points, thank you for the links that you sent to read.  I
    suppose it is true, sometimes it is the very criticism I referred to that
    gets discussions going, but yes, the criticism should be done politely and
    constructively, not destructively. Heidi
    
    -----Original Message-----
    From: Crispin Cowan [mailto:crispin@private]
    Sent: Friday, November 02, 2001 12:25 PM
    To: Heidi
    Cc: CRIME
    Subject: Re: NIPC Daily Report, 30 October 2001
    
    
    Heidi wrote:
    
    >It is very apparent from the recent postings, that there is a lot of
    >frustration going on here.  There are a lot of smart people in this group,
    >perhaps everyone's energies could be put to better use, by thinking of ways
    >to better the situations at hand, i.e., ideas for stopping DoS attacks
    >"before" they reach the intended target, (is this possible? I am just
    >learning)
    >
    It is just barely possible. The technology has to be deployed high up in
    the network infrastructure, e.g. next to backbone routers. Companies
    developing such technologies include Captus Networks
    http://www.captusnetworks.com/ (who sponsored the RAID workshop last
    month http://www.raid-symposium.org/raid2001/ ) and Asta Networks
    http://www.astanetworks.com/ (founded by Stefan Savage, a friend of mine
    who did his PhD research at U.Washington in Seattle
    http://www.astanetworks.com/company/team/stefan.html )
    
    > and coming up with useful comments about airport and other
    >security that may actually be used, rather than cutting down the system in
    >use at present.
    >
    It is *fundamental* to good security design to criticize methods that
    are claimed to be secure, but are not. Failure to do so leads to a false
    sense of security, which in turn leads to attackers unexpectedly
    violating security. This is PRECISELY how the attackers took out the
    WTC.  "All that is required for evil to triumph is for good men to do
    nothing" --Edmund Burke
    
    So you see, it is our sacred duty to bitch & moan about other people's
    crappy security :-)  More constructively, we should all look to our own
    security procedures and ensure that they are as good as we think they
    are. Take criticism in a constructive light, and look to improve your
    methods accordingly.  Issue criticism in a polite and constructive tone,
    pointing out the flaws, and leaving out the ad hominems.
    
    > Yes, they may be taking away nail clippers, but you do have
    >other more effective ways to defend yourself and help others on the
    >airplane if you are in a threatened situation. Certainly with the smart
    >people in our group, there must be some good ideas out there for helping
    >to improve things.  A side note; we have over 35 million laws trying to
    >enforce 10 commandments. Heidi
    >
    >
    I have problems with a bunch of those commandments. Fully half of them
    are non-portable religion-specific doctrine: I fail to keep the Sabbath
    and take the Lord's Name in vain on a regular basis :-)  Unless you
    meant these commandments
    http://www.lysator.liu.se/c/ten-commandments.html (which by the way are
    topical to CRIME)
    
    Crispin
    
    --
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc. http://wirex.com
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    


