Dailydave mailing list archives
Re: Attribution
From: Josh Saxe <joshsaxe () yahoo com>
Date: Wed, 14 Apr 2010 15:47:37 -0700 (PDT)
Hi! I'm new to this list, I'm a security researcher, but from having read the posts on here for the last couple weeks, my work is in a bit of a different area - visualization and intrusion detection, as opposed to vulnerability discovery and exploit development. Yes, if you can't attribute quickly or at all, you're in trouble. But, today, in a network 'conflict', all sides have the disadvantage of how difficult attribution is. And one side can succeed, in certain respects, even while they're blind to what their opponent is up to. In that way the 'cyber' landscape is one in which everyone can see relatively well the situation of their opponents but a good mirror is hard to find. Not that you're saying this, but this and many other properties of this space make physical / geographical metaphors really faulty. Josh ________________________________ From: dave <dave () immunityinc com> To: dailydave () lists immunityinc com Sent: Wed, April 14, 2010 9:20:24 AM Subject: [Dailydave] Attribution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In an interesting presentation I saw recently someone mentioned that Attribution is hard in cyberspace (f.e. [1]), which generally is discussed in the context of "Deterrence"[2]. I really like the term "cyberspace", although I know people hate it. First of all cyberspace is not "the Internet". It's (imho) a collection of networks, information systems, databases, phone networks, people's heads, and other "information entities" that together make up the world's set of data and data processing. They call it "Information Operations" for a reason, but the term "InformationSpace" is terrible. Plus, William Gibson is a genius, so Cyberspace it is. Secondly if you are doing your information operations correctly, then Attribution is a solved problem. You can even use it as a metric: "Percent of incoming attacks that I can tie to a known actor == amount I have 'dominance over the information battlespace'". Aka, Attribution is a simple metric for 'Am I winning?'. If you have no attribution, you are not winning. Dave Aitel Immunity, Inc. [1] http://www.nap.edu/openbook.php?record_id=11925&page=113 [2] http://www.networkworld.com/news/2010/040710-think-tank-in-estonia-ponders.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkvF60gACgkQtehAhL0gheoPYwCfXqcikgKlZ8pumPlYVAG7Jq5c WcAAnjCbY9K4iLfk2XVK7m3+81GauKVH =HRBy -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Attribution dave (Apr 14)
- Re: Attribution Shane (Apr 14)
- Re: Attribution Jordan Frank (Apr 15)
- Re: Attribution Josh Saxe (Apr 15)
- Re: Attribution dan (Apr 15)
- Re: Attribution Yvan Boily (Apr 15)
- Re: Attribution Shane (Apr 14)