funsec mailing list archives

fog of cyberwar


From: Gadi Evron <ge () linuxbox org>
Date: Fri, 22 Jan 2010 05:39:51 +0200

I just wrote a blog on this:
http://darkreading.com/blog/archives/2010/01/fog_of_cyberwar.html

In short:
While we are all talking of Google's morals and US/China diplomacy, 
there are some questions that mostly remain unasked:

1. Did Google hack a Taiwanese server to investigate the breach? If so, 
good for them. Our ethics need to catch up to our morals. But, for now, 
it's still illegal so some details would be nice.

As you know, I have been calling for more than a "get slapped, write 
analysis" response to cyber crime for a long time, but we need to be 
careful not to start an offensive the Internet can't win (criminals 
willing to play scorched earth--we're not, and our legal/ethical 
limitations).

2. Is Microsoft, while usually timely and responsible, completely 
irresponsible in wanting to patch this only in February? While they 
patched it sooner (which couldn't have been easy), their overall policy 
is very disturbing and in my opinion calls for IE to not be used anymore.

3. Why are people treating targeted attacks as a new threat model? Their 
threat models are just old.

Oh yeah, and this is espionage, not cyber war. Computers are just new 
tools/weapons for an old motive.
Espionage, unlike cyber crime and cyber war, is well established in law 
and diplomacy both. Security experts should not spread fear, and they 
definitely shouldn't be the ones people look to for answers on this.

Thoughts?

        Gadi.


-- 
Gadi Evron,
ge () linuxbox org.

Blog: http://gevron.livejournal.com/