Comment Re:What does Coburn know about infosec? (Score 1) 68

I read the infosec part. The report criticizes DHS for concentrating on vulnerability management and using signature-based detection, which it suggests is not worthwhile because of zero-day vulnerabilities. It criticized the DHS for not following best practices itself.

That criticism is fair, but also applies to almost all infosec efforts, both in the public and private sector.

The only suggestion offered by the report was to cite a "cybersecurity expert" who says we should focus on deterrence. The report did not explain what deterrence means in this context. What are they suggesting? We hang malware to death to set an example? We sanction North Korea every time we think maybe they sponsored an attack that we traced back to China? The metaphor to warfare does not hold, and that failure is lost on the author[s] of the report. They don't get it.

Comment What does Coburn know about infosec? (Score 2) 68

Why does anybody care what a 66-year-old doctor from Wyoming thinks about information security?

The report criticizes the DHS as ineffective at "cybersecurity" because of.. zero days or something.

It's clear that neither Coburn, nor the author of the report, understands infosec or how it is different from kinetic war. You can't amass troops or use force. It's very difficult to even know who attacked you.

You can do something like building defensive lines, but that's exactly what the report criticizes.

Comment Re:I'm at a loss. And I RTFA (Score 4, Insightful) 252

There has been a lot of this lately.. CEOs of companies with cutesy names like "SmartThings" and "Eyeotee" pitching their bullshit visions to posture as "thought leaders."

We have had internet-enabled devices for some time.

The only revolution here is that big business is trying to monetize your entire life, daily routines and all. They want you to trade all of your security and privacy for a crumb of convenience.

Comment Re:But what laws are they breaking? (Score 1) 139

You are correct, if the DDoS relies on raw bandwidth.

Some DDoS attacks work closer to layer 7. E.g. ask the webserver to do something complicated and slow, maybe something that requires a bunch of database queries.

That kind of DDoS relies on asymmetry. The response is much more expensive than the request.

AFAIK nobody has said how the Christmas DDoS attacks worked.

Comment not if they don't have a botnet (Score 1) 139

1. The IPs they used for the DDoS are almost certainly known now.
2. There are several groups (Sony, FBI, probably Microsoft, some infosec companies) who want to see the botnet dismantled.
3. As each host is remediated or blocked (ISP walled garden), said botnet shrinks.

Unless these guys have some zero-days and malware kits up their sleeves, their DDoS capabilities will not be around for long.

Comment Re:welcome to the post-9/11 world (Score 1) 191

The untruths consisted of:

Accusing Republicans of passing the Patriot Act in 2000 — the stupid law passed Congress 357 to 66, and Senate — 98 to 1.

No, I said they rammed it through, which is different. The act was introduced by a Republican, and all House Repubs except 3 voted for it. For comparison, 62 Democrats opposed it.

Part of how Republicans rammed it through is by accusing Democrats of being weak on national security. I think you have an idea what I meant.

Accusing Republicans of introducing the civil forfeiture laws — a mistake you've already acknowledged since.

No, I acknowledged there was history behind civil forfeiture.

It's interesting that you omitted the Comprehensive Crime Control Act of 1984, which was part of the Reagan-era ramp up of the War on Drugs. All the articles I've read call that act the turning point in Civil Forfeiture. Now who is lying by omission?

Implying, Republicans are the reason, our Second Amendment right is trampled â" and, at best, is treated as a mere privilege at best. You said nothing on this explicitly, but your post was a reply to mine, where I was talking about the Second Amendment and nothing else.

I don't think any reasonable person would read this thread and think I implied Republicans have trampled the second amendment.

No, you didn't explicitly say "Democrats are innocent", but a lie by omission is still a lie.

Talk about the pot calling the kettle black.. You have ignored many valid points that I've made (e.g. about NSA Warrantless surveillance) and have cherry-picked and flat-out put words in my mouth.

Let's not beat around the bush. Republicans have (throughout my lifetime) been the advocates of National Security at all costs, and Crime Control at all costs. They have pushed Democrats to the right on these issues by repeatedly accusing them of being weak on national defense, weak on terror, and weak on crime. You are right that Democrats have had a hand in it, but it is very reasonable to say Republicans have more culpability here.

I enjoy lively debate, and would continue this conversation if I thought you were serious about finding the truth. You only seem to want to argue in favor of your tribe, so I'm going to walk away from this conversation.
