Comment Focused on attack instead of defense. (Score 5, Insightful) 247

Part of the problem is that many believe that we can attack our way to security. They are confused about the fundamental nature of attack and defense when applied to the internet. They don't understand the combination of global connectivity and automation. They don't understand that any action of internet attack or defense has unintended consequences.

In the old days, you could attack one thing. You could defend one thing. But, that doesn't map well to the internet. Now, we all talk to each other. We all use the same methods of defense. When one actor attacks another, the attack is exposed, analyzed, and re-used. Now, when somebody attacks, they increase the cost of defense for everybody. When somebody comes up with improved defense, we all learn how to increase the cost of attack for everybody.

For over a decade, several branches of the US government have focused almost all their energy on attacking others across the internet. The result is an internet where compromise and breach are daily events. Somehow, our protectors don't see that they are crafting the tools of our demise and handing them to our enemies. If we are honest, we are more to blame for the great compromise at the OPM than our attackers. If we had spent the last decade on creating and encouraging defense, then breach would be difficult and rare.

Now, our governments are blindly following the tradition of attack. They wish to attack the protocols we use to determine identity and create security. They don't see or care that everybody else will do likewise. They don't see the great devastation that will follow.

Comment The benefits of handling attack. (Score 4, Interesting) 44

I do IT Security for a research university. For the last 10 years, we have attempted to handle all incoming attack. Some gets missed, but we make an attempt. It is good work for the interns/trainees. We document the incident, block the attacking IP for an appropriate amount of time, and notify the remote abuse contact. We have found that handling attack provides significant benefits:
* Our security team remains functional. Ignoring incidents creates bad habits in the security team.
* It creates memory of how we are attacked. We need to know how we are attacked, so our defenses are anchored in reality.
* It greatly reduces the amount of attack. The number of attacks drops off sharply a couple of weeks after we begin religiously reporting attacking IPs. We have tested this effect several times. When we stop reporting, it ramps up. When we start, it drops to about 1/10th of its prior levels.
* It notifies the owner/ISP of the remote computer that they are attacking. Usually they are also innocent victims.
* In the last few years, the percentage of remote resolutions has been climbing. Currently, about 1/2 of the reported non-Chinese incidents appear to result in remote resolution.

We utilize some automation to handle the load. We have a few honey-pots. We also monitor our dark IPs. We learned to distinguish DoS backscatter, and the various types of frequently spoofed attacks. We thought that an enterprising hacker would attempt to spoof an important Internet resource and cause us to auto-immune ourselves to death. So we whitelisted a bunch of critical external IPs and looked for critical spoofing. In the last 10 years the amount of spoofed attack has dropped drastically. We recently found an incident where an attacker spoofed a critical Google resource and tried to get us to block it. That is the only time we have detected that kind of spoofed attack.

We have found that most attackers (even governments) don't like to have their attack methods documented and publicized. We have found that some ISPs turn evil and knowingly host attack, but they are quickly and easily blocked until they go broke or come to their senses.

We have found many institutional scans. The best of these groups provide timely assistance to those who are making mistakes. In our view, the best groups include the ShadowServer Foundation, EFF, and the Chaos Computer Club. The worst of these groups are simply feeding on the mistakes of others. The worst groups provide no assistance to others. The worst groups actually have motivation to preserve or enhance the problems of others.

More info is available here:
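An added example (not code from the original comment) of the triage the comment describes: sources that probe dark address space get a time-limited block and an abuse report, DoS backscatter is filtered out rather than blocked, and a whitelist of critical external addresses is alerted on instead of auto-blocked so a spoofed packet cannot make the defenses cut the site off. The log format, address ranges and thresholds are constructed for the example.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

LOG_RE = re.compile(r"^\S+ src=(?P<src>\S+) dst=(?P<dst>\S+) flags=(?P<flags>\S+)$")
# Constructed for this example: 203.0.113.0/24 plays our dark (unused) space,
# 198.51.100.0/24 a critical external service we must never auto-block.
DARK_NET = ip_network("203.0.113.0/24")
CRITICAL_NETS = [ip_network("198.51.100.0/24")]
BLOCK_FOR = timedelta(days=7)  # the "appropriate amount of time" for a block
SCAN_MIN_TARGETS = 3           # distinct dark IPs touched before it counts as a scan
NOW = datetime(2015, 6, 20, 12, 0)  # fixed clock so the sample is reproducible

def classify(line):
    """(kind, src, dst) for a packet into dark space; None for anything else."""
    m = LOG_RE.match(line)
    if not m or ip_address(m["dst"]) not in DARK_NET:
        return None
    src = ip_address(m["src"])
    if m["flags"] in ("SA", "R", "RA"):
        # SYN-ACK/RST at an address we never send from: someone spoofed our dark IP
        # against a third party. That is DoS backscatter, not an attack on us.
        return "backscatter", src, m["dst"]
    if any(src in net for net in CRITICAL_NETS):
        # Never auto-block a critical source; a packet "from" it is probably spoofed
        # to trick our own defenses into cutting us off from that resource.
        return "suspected_spoof", src, m["dst"]
    return "probe", src, m["dst"]

def triage(lines, now):
    """Map source IP -> decision; probing enough dark IPs earns a timed block."""
    targets, decisions = {}, {}
    for kind, src, dst in filter(None, map(classify, lines)):
        if kind == "probe":
            targets.setdefault(src, set()).add(dst)
        else:  # backscatter is ignored, a suspected spoof goes to a human
            decisions[str(src)] = {"action": "ignore" if kind == "backscatter" else "alert", "reason": kind}
    for src, dsts in targets.items():
        if len(dsts) >= SCAN_MIN_TARGETS:
            decisions[str(src)] = {"action": "block", "reason": "probe",
                                   "block_until": (now + BLOCK_FOR).isoformat(),
                                   "abuse_report": f"{src} probed {len(dsts)} unused addresses in {DARK_NET}"}
    return decisions

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    "2015-06-20T10:00:01 src=192.0.2.10 dst=203.0.113.5 flags=S",
    "2015-06-20T10:00:02 src=192.0.2.10 dst=203.0.113.6 flags=S",
    "2015-06-20T10:00:03 src=192.0.2.10 dst=203.0.113.7 flags=S",
    "2015-06-20T10:00:04 src=192.0.2.20 dst=203.0.113.5 flags=S",
    "2015-06-20T10:00:05 src=198.51.100.8 dst=203.0.113.9 flags=S",
    "2015-06-20T10:00:06 src=192.0.2.30 dst=203.0.113.12 flags=SA",
]
```

Running `triage(SAMPLE_LOG, NOW)` blocks 192.0.2.10 (three dark addresses probed), leaves the single-probe host 192.0.2.20 alone, raises an alert for the whitelisted 198.51.100.8 and ignores the SYN-ACK backscatter from 192.0.2.30.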

Comment Re:Righthaven (Score 1) 67

What is right wing about filing a lawsuit to unmask a doe, suing that person, then settling for a much smaller amount? It seems this is used by many different trolls, and likely doesn't have any political ideology behind it. It is sleazy though. Filing a lawsuit with the intention of settling just to get a payout is wrong. It is short-circuiting the justice system for personal profit.

Yeah, that's neither right nor left; it's the universal language of greedy bloodsuckers.

Comment Re:Righthaven (Score 3, Interesting) 67

What is right wing about that process? The Democrats support the movie industry, not the Republicans.

The fact that Democrats support something doesn't negate the possibility of something being right wing. The Democrats are not ideologically pure, or ideologically homogeneous, and very few of them can be considered "left".

To me, pretending that copyright is only about property rights, and ignoring the fact that copyright was also supposed to be about free speech and about making material available for free to the public after a limited time, is definitely "right wing".

Comment Re:DMCA needs to die (Score 1) 67

This has nothing to do with the DMCA; this is a straight out copyright infringement lawsuit being filed. The real problem is that the methods the copyright holders (or the copyright enforcement goons acting on their behalf) are using to identify torrent users aren't good enough, and it's good to see at least one judge willing to call these enforcers out on it.

Exactly. Would have been nice for judges to start doing this 11 years ago, but glad they've come around.

Submission + - All Malibu Media subpoenas in Eastern District NY put on hold

NewYorkCountryLawyer writes: A federal Magistrate Judge in Central Islip, New York, has just placed all Malibu Media subpoenas in Brooklyn, Queens, Long Island, and Staten Island on hold indefinitely, due to "serious questions" raised by a motion to quash (PDF) filed in one of them. Judge Steven Locke's 4-page Order and Decision (PDF) cited the defendant's arguments that "(i) the common approach for identifying allegedly infringing BitTorrent users, and thus the Doe Defendant, is inconclusive; (ii) copyright actions, especially those involving the adult film industry, are susceptible to abusive litigation practices; and (iii) Malibu Media in particular has engaged in abusive litigation practices" as being among the reasons for his issuance of the stay.

Comment Re: Voting - how to ensure a secret ballot? (Score 1) 69

At which point this solution degenerates into the same solutions that already exist, with the same problems. Take voter ID cards. Lots of people don't like them because they say it disenfranchises people who would have problems acquiring them, like the poor. A digital signature is going to have the same arguments.

But, I agree: that's not the point of the blockchain; it's ancillary. But involving the blockchain adds about as much towards solving the real problems with voting as saying "Hey! What if we wrote down the votes, but not the person!" Ballot stuffing is about all the blockchain solves.

Comment Re: As much as possible (Score 2) 350

Same here with Maya. I've even thought about bumping it up to 64 GB from its current 32.

Really, anytime I see these kinds of articles pop up, I just substitute their title with "How much X is enough for our product's target market" anymore. They're really not useful as a general analysis; the desktop market is just too broad.

Comment Re:logs? (Score 4, Informative) 104

Actually, we got the same response when we offered to send the actual logs.

A very similar thing happened to USU. We received a summons from Homeland/ICE to produce 3 months of records (plus identifying info) for an IP that was one of our TOR exit nodes.

I eventually managed to contact the Special Agent in charge of the investigation. He turned out to be a reasonable person. I explained that the requested info was for an extremely active TOR exit node. I said that we had extracted and filtered the requested data; it was 90 4-gig files (for a total of 360 gigs of log files) or about 3.2 billion log entries. I asked him how he wanted us to send the info. He replied that all he needed to know was that it was a TOR exit node. I then asked again if he wanted the data. He said something like: "Oh God no! Somebody would have to examine it. It won't tell us anything. It would greatly increase our expenditures. Thanks anyway."

And that was the end of it.

YMMV. All Rights Reserved. Not Available In All States. It helps if your institution has its own Police, Lawyers, and (an extremely active and effective) department of Journalism. And, it doesn't hurt if it is cheaper (and easier) for you to respond to the summons/subpoena than it is for the Authority to issue it and deal with the result.

Comment Re:Why would they want to deal with that? (Score 2) 37

TOR exit nodes are nothing but trouble.

I think this is an issue where some are more equal than others.

If an individual runs a TOR exit node, they can be easily intimidated and hassled. There is very little cost to law enforcement for engaging in the intimidation.

At the other end of the spectrum, a large public institution is not susceptible to this kind of intimidation. And, there is a very large cost if law enforcement attempts the intimidation. For example, at the institution I support, if the local cops or low level FBI attempted this kind of intimidation, they would be met by the institution's police force, the institution's lawyers and the institution's journalists. Everything would be recorded in multiple ways. Heck, we even have a state assistant DA permanently assigned to USU. He participated in the process that created the policy and procedures approving the TOR infrastructure.

At this point, if a major university's CS group is not investigating TOR, they should probably give back the funding and become a trade tech. The issues surrounding TOR are critical to our society. A university should not turn its back on these issues.

Given all that, a law enforcement attempt at intimidation would be ineffective. And, it would likely result in the kind of bad publicity that can cause law enforcement to lose budget.

However, you have a good point: libraries are widely distributed in the gap between your unfortunate friend and USU. The smaller ones would be easily intimidated. The larger ones, not so much.
