Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment: Orion is the best counter for large incoming mass. (Score 3, Interesting) 272 272

If you actually want to effectively counter the "Dinosaur Killer" scenario, the best answer is early detection and a large "Orion" ship. See: https://en.wikipedia.org/wiki/...

We could have build a large Orion propulsion ship anytime in the last 40 years. It would probably cost less than an aircraft carrier. A large Orion propulsion ship could get almost anywhere in the inner solar system in a few weeks. And the propulsion system will work just fine to redirect another large mass. Yes, there will be a bunch of fallout damage from the initial take-off, but we can decide where to place it. and the fallout damage from Orion's propulsion is tiny compared to the damage from an asteroid strike.

I have always hoped that there was a secret plan to convert our offensive arsenal into Orion propulsion if the need occurred.

Comment: A bit obtuse, but not bad. (Score 2) 55 55

As security definitions go, "Security is the set of activities that reduce the likelihood of a set of adversaries successfully frustrating the goals of a set of users." is not bad. It is a bit obtuse. It lends itself to Venn diagrams and powerpoint. It is also weakened by it's fixation on adversaries. Adversaries are nice if you can blame them, but usually, you are your own worst enemy.

The worst security definition that I have seen is the one currently used by the US Security communities. Geer stated it as: "..the absence of unmitigatable surprise." This definition is horrible. It offers you no guidance on prioritization or limits. This definition says you are insecure until you have achieved omniscience and omnipotence.

The best definition of security that I have found is: "Security is a MEANINGFUL assurance that YOUR most important goals are being accomplished." This is easily understood by everybody and it guides you to effective action. Using this definition you are guided to create and maintain the potential for success. The other definitions ultimately force you to focus your efforts on less important objectives.

Comment: Only 3K PPS of attack? I thought it would be more. (Score 4, Interesting) 58 58

We see 3k PPS of attack and we probably have 1/8th of their address space. Remember, you need to scale by address space. Utah's state network is one of 3 early Utah experiments in municipal broadband. The other 2 are UEN and Utopia. When it was set up, IP addresses were allocated in /8, /16 and /24 chunks. They probably got a /16 (65K addresses) for each major department. In total, the Utah state government network probably has at least a million public IP addresses.

If you have a million public IPs, you catch about 3 million attacks every time somebody messes around with Z-Map or MasScan. They always try it at least 3 times. That is 1% of that scary 300 million per day total. And there are a lot of people in the world playing with Z-Map.

I do IT Security for Utah State University. We are at the North end of the state. We see about 3k PPS of attack all the time. We have 128K of public IP address space. Most days, we are at about 300K PPS at the border. 3K PPS of attack is about 1% of the total. Having 1% attack be incoming packets is normal for the last few years for us. This works out to about 1 attack packet per IP address every 30 seconds. Of course, almost all of them are rejected at the border. Most of my peers are seeing the same attack levels. But, all my peers are at universities.

However, In the last couple years the attack has shifted. Now, about 1/2 of our detected attack is sponsored or condoned by the Chinese government. The rest is evenly divided between other governments and organized crime. We assume that this shift is the inevitable consequence of the current cyberwar. The shift has also made it easier to do most attribution. Almost all attack by civil servants is easier to identify. It is predictable. It follows patterns. It has preferential quality of service. When you report abuse from a non-government attacker, it shifts methods, or stops, or moves to another target. When you report abuse to a government attacker, it increases. Sometimes it improves.

The shift in attack may be local to Utah and due to the NSA facility, but I think it is more likely that we are all screwed.

Comment: Don't know about hackers, but China is helpful.. (Score 1) 69 69

I don't know about hackers, but lately China has done more to help me secure my university than the NSA, FBI, and Homeland Security combined.

I do network and computer security for a university. In the last couple years we have received a couple alerts from the FBI. The info was fairly old and limited in scope. And, they didn't want us to share the info with those who really needed to have it.

In the same period, the Chinese government has instituted a program of rigourous scanning and vulnerability assessment against my university. If I pay close attention, I discover all kinds of useful information. They have shown me 0-day exploits. They have taught me devious manipulations. They have even taught me a ingenious method of detecting firewall failure.

The Chinese give me daily updates on the latest hacking techniques. They never complain if I share the info. And they don't waste my time with meaningless paperwork. If I wasn't getting it for free, I would be willing to pay for this service. I don't understand why my government can't be as helpful

Comment: Depends on your attacker. (Score 1) 467 467

My experience may not be applicable to you. I do IT Security for a university. We encounter a wide variety of attackers from script-kiddy to aggressive hostile government.

When our attackers desire to remain hidden, we usually can not detect and remove them using any common tool. The techniques for remaining in hidden control of systems are straightforward, effective and available to any attacker. We can detect all kinds of stuff by carefully inspecting network activity, but learning to do it takes years. And, analyzing 1 machine's traffic is slower than real-time.

For example, a while ago one of my coworkers managed to crack the C&C for a major fake-antivirus group. For 2 months we grabbed the rootkits as they went by. Code on compromised machines was updated daily. VirusTotal pronounced it all clean. Usually, the victims had no clue. None of the virus or malware detectors/removers would regain control of a compromised system. Sometimes the utilities would claim to have done something. It was never complete or successful. On the other hand, if we isolated a compromised machine from the C&C for 3 weeks, some of the utilities would start to be effective. At 6 weeks, almost all of them were effective. Of course, this fake antivirus group was indiscriminate and had a huge footprint.

We still use Microsoft Security Essentials or EndPoint Protection. It almost never prevents compromise, but in some circumstances it will let us know that that we have been had. Some attackers get what they want immediately and don't try to hide. Others break discipline after a few days or weeks. Then there are the ones that get what they want and sell you to less capable attackers. Finally, if the user/machine is vulnerable to attack then the machine eventually gets infested with multiple attackers. Once multiple attackers start interfering with each other, something always gets dropped.

We always recommend a "change passwords/backup/wipe/rebuild/restore" when we discover compromise. Even then, sometimes an attacker regains control by hiding hostile code in user files.

The preventative measures that seem to be most effective for us are:

  1. 1) Some form of Addblock. The primary attack vector for most of our people is hostile browser adds.
  2. 2) Limiting the execution of unwanted browser code. We recommend Chrome/Click-To-Run for most users. Motivated users can get better protection with Firefox/NoScript.
  3. 3) Working with our users to improve our defenses. See: https://www.youtube.com/playli...

Comment: Inexplicable gaps in Crypto products. (Score 1) 421 421

In my completely uninformed opinion, there seem to be inexplicable and congenital faults in IT's use of cryptography.

A few crypto products need efficiency and performance. But, many don't. Many existing products are optimized for efficiency and performance, even when these goals are contrary to the stated goals of the product. Frequently, crypto solutions unnecessarily limit the size of keys. They extend the lifetime of keys. They limit the number of available keys. In many cases, all three of these latter goals are false savings.

We rarely use symmetric crypto, even though it is frequently simpler and more robust. Public Key is almost always preferred, even when it is easy to distribute keys.

Reliable, trustworthy sources of truly random numbers seem to be very useful, inexpensive, and straightforward to create. See: http://en.wikipedia.org/wiki/C...

If we are interested in secure communications, it should be normal and expected that we would pick up several hardware random number generators. We should have multiple simple, robust, trustworthy tools to generate symmetric keys. We should have multiple tools to utilize simple, robust, trustworthy symmetric crypto.

Instead, we seem to focus on always using a single complex public key solution even when it is not appropriate.

In my ignorance, I have been trying to map out a simple, robust tool for system administration, that makes use of symmetric crypto. See: https://it.wiki.usu.edu/201501...

I would really like to learn that I have been wasting my time.

Comment: Re:Anyone can intercept SSH some of the time (Score 1) 278 278

This guide doesn't recommend disabling passwords. That's a huge omission.

Thanks. I figured that was obvious enough to not need explanation. So I decided it was out of scope. But, I am wrong all the time.

I am assuming you feel that we should teach our admins to test all their SSH passwords against standard attack dictionaries and disable/notify any that fail. This is a good idea. I will try to add it tomorrow.

Are there other conditions that are detectable by SSH admins that require disabling passwords?

Comment: Re:Anyone can intercept SSH some of the time (Score 1) 278 278

You should have user honeypots. Once in a while present a fake certificate. If the user ignore the wrong fingerprint and type in the correct password, reset the account password.

That is an interesting idea. It is easy to MITM our SSH client connections. But, this control comes with a large expense. Because it is easy for our clients to see Security's actions, and it is hard for them to see the actions of attackers, they will conclude that Security is being evil for no good reason. This will greatly reduce our effectiveness by isolating Security from our community. Other controls may mitigate this problem with less expense.

For example, we are currently pushing our people to adopt widespread 2-factor authentication. Our people are ready to accept 2-factor. They understand it's value. They are familiar with it's use. We have multiple cheap 2-factor solutions. 2-factor somewhat mitigates MITM and also helps other issues.

That said, I think we really need a simpler form of SSH for trusted point-to-point communications. It should exclusively use pre-distributed one-time pads for it's authentication and encryption. We can now generate and distribute 100+ Gigabyte files of true-random data. This data can be used to authenticate. It can be used to generate secure symmetric encryption keys. We can handle millions of secure connections before we need to redistribute pads again.

Since I am not a cryptographer, this idea has many problems. But I believe that securely using these huge one-time pads could be as easy as:

  • Ask Schneier for a good, symmetric encryption algorithm :)
  • Select a key-size that is twice as long as Schneier thinks we need :) So, if Schneier thinks 512bits are fine, we use 1024 bit keys. This is only 128 bytes.
  • Generate about 128 Gigabytes of random data from a truly random noise source. Use 64Gigs of it for connection keys. That will allow about 512 million connections. This may be excessive and need to be adjusted.
  • Use the rest of the Random data 2 Gigs at a time. This gives you 32 records. The server always gets the first copy/install of the file. The server always uses the first record. Each subsequent client copy/install uses the data in it's record for install identification and session identification. This may not be enough records. It may need to be adjusted. But, it probably should not increase to hundreds. If there are too many copies, it is impossible to protect confidentiality.
  • Throw away the first key record. You can spare some. Use that space to write down the GMT time-stamp when this file was created and the number of times the file has been copied.
  • Use the next key record as the FileID for this file.
  • The server only tries to use uses 1 pad file at a time.
  • When the server starts up, it skips down the number of keys indicated by it's current key index or the number of minutes since pad creation, whichever is greater. If the server detects that GMT time is running backwards, it should terminate with a descriptive error message.
  • Every minute, it switches to the next key in the list. Don't worry, this will only use up 10 million of your possible keys in 20 years. The server should not attempt to respond to more than one connection attempt per second.
  • Whenever the server has authenticated a successful connection, it switches to the next key in the list.
  • When something pokes it's port, the server assembles a message that says something like: Number of non-padding bytes in message. Message Type 0. Server Message#1. I have received 0 of your messages. I am copy 1 of the file with the ID of #FileID. My Copy ID is (the first field in my Copy ID Record). The local time is (current time). The number of times I have incremented keys is: (CurrentKeyIndex). The number of successful connections is (ConnectionNumber). The authentication number for this connection is (use ConnectionNumber to index into the Copy ID Record and retrieve the value). Optional padding. End of Server Message #1.
  • Then the server encrypts all that info using the current encryption key and sends it out to the client. It should all fit in a standard ethernet/IP/TCP packet. All messages must be padded to the same length. A good starting message length is probably 1400 bytes.
  • The client uses the current time as a guess to a starting index into the key data. It should probably start 1 before to allow for sloppy timekeeping. It sequentially tries each key until it manages to decrypt the server's message. It should probably give up and fail with an error if tries more than 20 keys. This number may need adjusting. When it fails, the client drops the connection without saying anything.
  • If the client decodes the server message, it then checks it's own expected and calculated information against the info provided by the server. If it doesn't check out, it drops the connection and sends an urgent error message that somebody is attempting to mimic the server using a replay attack. If it checks out, it uses the key to encrypt it's response. It also updates it's CurrentKeyIndex.
  • The response of the client looks like: Number of non-padding bytes in message. Message Type 1. The latest message I have decoded from you is (LastServerMessageNumber). This is my Message #1. Nice to meet you. I am copy (whatever) of the file with the ID of #FileID. My Copy Id is (the first field in my Copy ID Record. My local time is (timestamp). I have now updated and crossed off (CurrentKeyIndex) number of keys. My number of successful connections is (ConnectionNumber). The authentication number for this connection is (use ConnectionNumber to index into the Copy ID Record and retrieve the value.) Optional padding. End of Client Message #1.
  • Then the server checks the client's supplied info for inconsistencies. If it fails, the server crosses off the key, drops the connection, and sends an urgent error message that somebody is attempting to mimic the client via a replay attack. It if checks out, the server sends an encrypted acknowledgement, and updates it status information on that copy of the file.
  • Once the client receives the acknowledgement, it updates it's info on the server. Then both sides continue the encrypted conversation. The conversation looks like a sequence of encrypted messages.
  • Most messages have the same format: Number of non-padding bytes in message. Message Type 2. Timestamp. From (Copy #) To (Copy #). Your latest message was (whatever). This is my message (whatever). [MESSAGE CONTENTS] Optional padding. End of message (whatever).
  • You will also need some utility messages. A NAK may look like: Number of non-padding bytes in message. Message Type 3. Timestamp. From (Copy #) To (Copy #) Please re-transmit everything after message (whatever). This is my message (whatever). Optional padding. End of message (whatever).
  • A FIN may look like: Number of non-padding bytes in message. Message Type 4. Timestamp. From (Copy #) To (Copy #) Your latest message was (whatever). Time to say goodbye. Optional padding. End of message (whatever).
  • A Change Key may look like: Number of non-padding bytes in message. Message Type 5. Timestamp. From (Copy #) To (Copy #) Your latest message was (whatever). I'm feeling paranoid. Lets change to the next key. Optional padding. End of message (whatever).
  • An Oh Shit may look like: Number of non-padding bytes in message. Message Type 6. Timestamp. From (Copy #) To (Copy #) Somebody just showed up with a NSL. I'm wiping my key-files/one-time pads. You should wipe this key-file/pad. Send lawyers, money, guns. So long and thanks for all the fish. Optional padding. End of message (whatever).

As you can see, this system is very simple,crude and inefficient. We are just re-implementing the old concepts of secure phones using 1-time pads. None of this is new. We can use simple logic because we don't want or need complexity. It allows for 1 server and multiple clients. You have to redo this logic to have more than one server per pad/keyfile. It only solves one problem, but it is so simple that it should eliminate almost all opportunity for logic and programming flaws. Remember, complexity is the enemy. We don't care about efficiency. We want security. The NSA has used feature creep to corrupt many forms of existing crypto.

This proposal is connection oriented, but it can run on TCP or UDP or ICMP. You probably want to use TCP to reduce spoofing, DoS opportunities and sort out some of the low level attacks. If you do, you have to remember that you can't trust TCP to eliminate spoofing or verify message delivery.

Comment: Re:Anyone can intercept SSH some of the time (Score 1) 278 278

Protecting SSH communications for your organization is fairly straightforward if you do some work. You need to use multiple layers. Here is our guide to protecting SSH:


We try to use multiple overlapping security layers to protect SSH:

  • * If possible, use firewalls to limit the vulnerable scope of SSH to a few trusted hosts.
  • * Configure firewalls to limit credential guessing by rate-limiting connections to the SSH port.
  • * If possible, treat the SSH Port as a shared secret. Then, only interesting, targeted attacks find the SSH server. In many situations, this gives you very real protection. This protection is based on the very real increase in cost for an attack to find and attack an SSH server on an alternate, properly obscured port.
  • * The SSH server should not allow known usernames including root. The attacker must find a username.
  • * Motivated admins should use 2-factor authentication to access their critical SSH servers.
  • * Admins are trained to create good passwords for their usernames.
  • * SSH users should verify the identity of their systems when they first connect.
  • * System admins must regularly review the activity of their SSH servers.
  • * Security monitors all SSH connections, including ones on non-standard ports. We follow up on interesting connections.
  • * We have SSH Honeypots that help us track, understand and respond to SSH attack. These Honeypots allow us to track which credentials are being attacked. They give us advance warning when a institutional credential is attacked. And, analyzing the use of unique credential lists gives us insight into our attackers.

Much of this work can be automated. The rest is excellent training material for new security recruits and interns.

Looking back, the main change I should have made to improve our SSH protections would be to default block incoming TCP/22 at the border years ago. Then, only allow it for groups that can show they use it to provide services to a large community. Anybody using SSH for administration can change the SSH port.

Comment: Inflating the Exploit marketplace hurts us all. (Score 1) 118 118

Anything that inflates the Exploit/Vul marketplace just hurts us all. We can fight hackers. We can even fight governments. But, we can't fight economics. If economics strongly encourage the discovery and secret utilization of exploit, we are all doomed. A few may experience a short-term benefit from a booming market in exploit and vulnerability, but the consequences of that marketplace will harm all the rest of us. The only sane behavior is to do everything we can to depress the market for vulnerability and exploit. We have to change the economics.
  • 1) The government must always, immediately, publicly, disclose any purchased vulnerability or exploit. Once they are for sale, there is no point in keeping them secret. Secrecy inflates the market. Then the market creates more vulnerability and exploit.
  • 2) Any benevolent government should target the exploit marketplace. This is a sensible and reasonable target for the NSA and the FBI. The exploit market creates the uncontrollable weapons of the internet apocalypse. Any exploit or vulnerability that the FBI or NSA can seize from others should be immediately published. This will suppress the desirability of the goods in the exploit marketplace.
    • * The legal fictions of intellectual property should never be allowed to adhere to exploit information.
    • * There is no public interest in preserving exploit.
    • * There is a great deal of public harm in encouraging exploit.
  • 3) For the good of us all, we need to beat the NSA black and blue and force them to publicly disclose any of their vulnerabilities and exploits that are over a year old.
    • * This provides the NSA with tangible deliverables that they can use to justify their existence and we can use to measure their competence.
    • * This gives them a year to play with their toys.
    • * This will greatly suppress the exploit marketplace.

Comment: Re:Sounds awesome except.... (Score 1) 191 191

The problem is also that the USPO granted the patent in the first place :/

I heartily agree. Improving the process of litigating patents is nice, but we really need to improve the quality of granted patents. I believe that this problem is solvable, if we can muster the courage to admit that we have made mistakes in managing the patent office. In my opinion, the most important of these mistakes are:

1) More patents are not better than fewer patents.

Patents are not Innovation. Patents are not Progress. Patents are simply grounds to file a lawsuit against an industry. More Patents are simply more grounds for more lawsuits. An occasional lawsuit might spur innovation. BUT LAWSUITS DO NOT PRODUCE. Lawsuits are parasitic on innovation and production. Reform must recognize that patents are dangerous monopolies. Reform must place hard limits on the number of patents.

2) Running the US Patent Office as a cost-recovery operation is a mistake.

The US Patent Office is a very small, but critical component of the US economy. It's purpose was "..to promote the Progress of Science and useful Arts.." (US Constitution Article One, Section 8(8).) But, once the USPTO became completely cost recovery (Omnibus Budget Reconciliation Act of 1990, Title X, Subtitle B), that primary goal became overshadowed by the more pressing goal of securing funding via patent fees. The primary effect of cost recovery has been to promote the collection of patent fees.

Reform is painful, but simple. Admit cost recovery is a failed experiment. Revert the funding model to the model used for the first 200 years. The USPTO must be centrally funded by the US government. Any collected fees should be returned to the US Government.

3) It is a mistake to organize the US Patent Office to create economic incentives to grant poor patents.

Currently most of the revenue of the US Patent Office comes from GRANTING patents. See the USPTO FY 2013 President's Budget page 37: www.uspto.gov/about/stratplan/budget/fy13pbr.pdf "..More than half of all patent fee collections are from issue and maintenance fees, which essentially subsidize examination activities." A recent study by the Richmond School of Law found that the USPTO's actual grant rate is currently running at about 89%. In 2001, it was as high as 99%. See http://papers.ssrn.com/sol3/pa... page 9. In 2001, it didn't matter if an application was overbroad, obvious, trivial, a duplicate, or unreasonable, they ALL got granted. Things haven't improved much since then.

Reform could come in many forms, but the simplest and most reliable would be to eliminate and unify the Patent office fees into a single filing fee. This fee would provide no guarantee of receiving a patent, only a guarantee that your patent would be considered. This would free the Patent Office to be able to deny poor patents. The filing fee should be high enough to discourage spurious patent applications.

4) Scaling up the Patent Office to produce more poor quality patents is a mistake.

Currently, we expand the number of patent examiners based on demand. See the USPTO FY 2013 President's Budget, page 60, Gap Assessment: "Meeting this commitment assumes efficiency improvements brought about by reengineering many USPTO management and operational processes (e.g., the patent examination process) and systems, and hiring about 3,000 patent examiners in the two-year period FY 2012 and FY 2013 (including examiners for Three-Track Examination)." Again, the assumption is, more patents are better, even if it means decreasing examination, and increasing the number of untrained examiners. Poor quality is an inevitable result of this patent process.

Reform must tightly control and limit the number of patent examiners.

5) It is a mistake to grant all patents that meet minimum standards.

A review of the last couple decades changes in the patent approval criteria will reveal that the minimum standard for granting a patent has consistently shifted downwards. We must abandon the idea that any patent that meets minimum standards is granted. Over time, the standard always degrades. Reform is easy. You rank Patent Applications according to an agreed measure of quality, and only grant the top few percent. Over time, the pressure will be to improve the quality of patent applications, instead of degrade them.

6) Finally, please consider that it is a mistake to allow patent applicants to modify or extend their patents after submission.

This complicates the patent pipeline. It facilitates ‘submarine’ patents. It enables capturing Standards. It also enables gaming the patent system. Reform must simplify and reduce the patent process. Patents should be quickly evaluated. Most should be denied. If an applicant wishes to modify a denied patent, they should alter it, resubmit, and pay a new filing fee.

Real patent reform is possible. The pressures that currently give rise to bad patents are fairly obvious. We can mitigate those pressures and institute processes that tend to increase patent quality. If we can just summon the courage and political will to correct our mistakes.

Comment: How do we clean this radioactive, toxic swamp? (Score 1) 143 143

At this point, governance of the NSA is a constitutional sham. There is no just rule because there is no consent of the governed.

There appear to be 2 paths forward.

  1. 1) The path of trusted representation. If you can trust your representatives, maybe you can trust their oversight. This is the pathway that started with Frank Church and lead to Dianne Feinstein. The problem is, how do you regain trust when it has been so thoroughly abused? We now have lots of evidence that both the process and the people involved in this distribution of trust are not trustworthy. Simply resetting the process will not restore trust.
  2. 2) The path of transparency. For the last few years, our dreams of empire have tempted us to discard openness, transparency and rightful rule. But these are the very things that have created and preserved us. There is nothing new about the temptations of tyranny. The dream of power has not changed or evolved in the last few thousand years. The architects of our nation were just as familiar with these temptations are are we. We just need to turn back to open laws, open courts, and open public discourse.

Comment: When am I going to get rid of this tinfoil hat? (Score 5, Insightful) 234 234

So, now it turns out that the NSA really was attacking me. Just because I ran the routers and a few other critical things.

20 years ago, when I first started ranting about the NSA it was mostly theoretical. I ranted because there was no proof they were not evil. The stickers on my laptop's mic and camera were a bit of a joke. People would ask about them and it would give me a chance to rant. That's all I really wanted. A chance to rant from time to time.

But, now it is clear that all my rants were too conservative.

Now I am doing IT security for a university. I spend all day attempting to hold off the attacks of foreign governments. Some of those attacks now appear to be my own government. I never really wanted to be this paranoid. And it still appears that I am not paranoid enough.

When will I ever be able to take off this stupid tinfoil hat?

Congress keeps railing against money wasted on social programs. It appears the NSA and the CIA are elaborate social programs for sociopaths. Why can't we defund them?

Comment: Re:NSA Walks a Fine Line (Score 1) 324 324

But, for the last 10 years, the NSA has not walked the line at all. If the NSA could evenly balance the equities issue: https://www.schneier.com/blog/..., then there would less problems. But, now, there is no balance. The NSA takes many actions that demonstrate that their drive to Attack has suppressed their duty to Defend. They include:
  1. 1) BULLRUN - http://en.wikipedia.org/wiki/B...
  2. 2) The exploit marketplace is greatly enhanced by the activities of the NSA. This marketplace drives the creation of new exploit. It threatens us all. The NSA never publishes an exploit. Instead, they purchase exploit. Again and again. Many times, they are purchasing exploit they already own, because they don't want to reveal what they own. It is inevitable that they frequently purchase info on exploit that they create. The exploit marketplace would collapse, if the NSA, CyberCommand and their consultants would just stop buying. The exploit marketplace would vanish, if the NSA freely disclosed a fraction (say 30%) of their exploits every year.
  3. 3) Large networks of Bots can only exist at the sufferance of the NSA. Again, if the NSA wished, they could easily, trivially track the C&C of the large criminal Bots. Then they could be dismantled using the ShadowServer's infrastructure: https://www.shadowserver.org/w... Instead, it appears the NSA is maintaining the existence of the Bots for it own reasons.
  4. 4) The lack of malware Epidemiology. The NSA could publish accurate statistics on incidence of malware. Again, the NSA is in a unique position to track the dissemination and activity of malware. With those stats, we could make accurate determinations of the effectiveness of different security measures. With accurate Epidemiology, we can move defense from superstition to science. Instead, it appears the NSA doesn't want effective defense.
  5. 5) Spoofed DoS packets on the internet can only exist because the NSA tolerates them. If the NSA wished, they could easily, trivially identify all the sources of Spoofed packets. The NSA has enough listening points they can track a stream of spoofed packets back to it's source. Then those sources would be identified, fixed/shunned, and eliminated. Instead, it appears the NSA maintains those sources as cover for their own activities.

That is why Schneier is advocating the breakup of the NSA. We must remove the equities debate from their hands. One part will be driven by offense, the other by defense. And Offense will stop being able to suppress Defense.

Comment: Re:since when is the FBI a spy agency? (Score 4, Insightful) 324 324

Looking at the FBI Mission: http://www.fbi.gov/about-us/qu... it looks like the Priorities are based on Crazy Congressional Wishlist. There are just too many Priorities. And, they are ranked according to sensationalism, not importance to the survival of the Nation. That page lists them as:
  1. 1. Protect the United States from terrorist attack
  2. 2. Protect the United States against foreign intelligence operations and espionage
  3. 3. Protect the United States against cyber-based attacks and high-technology crimes
  4. 4. Combat public corruption at all levels
  5. 5. Protect civil rights
  6. 6. Combat transnational/national criminal organizations and enterprises
  7. 7. Combat major white-collar crime
  8. 8. Combat significant violent crime
  9. 9. Support federal, state, local and international partners
  10. 10. Upgrade technology to successfully perform the FBI’s mission

At this point, I think we can all clearly see that Terrorism only has as much importance as we create for it. If we don't regard it as important, the Terrorism threat goes almost entirely away. If you were to rank these Priorities according to what most impacts the survival of the Nation, I believe it would look more like:

  1. 1. Combat public corruption at all levels
  2. 2. Combat transnational/national criminal organizations and enterprises
  3. 3. Protect civil rights
  4. 4. Combat major white-collar crime
  5. 5. Combat significant violent crime
  6. 6. Support federal, state, local and international partners
  7. 7. Upgrade technology to successfully perform the FBI’s mission
  8. 8. Protect the United States against cyber-based attacks and high-technology crimes
  9. 9. Protect the United States against foreign intelligence operations and espionage
  10. 10. Protect the United States from terrorist attack