Comments on: Nation State Cyberwarfare Reality Check

By: Richard Bejtlich

Richard Bejtlich — Sat, 11 Jul 2009 21:33:23 +0000

“The root cause of these denial of service attacks is insecure software… Each and every computer system, and each and every software package running on them must be made secure.”

You mean like every single physical asset is “made secure?” I’m guessing you live in a concrete house with bars over the windows, send your kids to school in an armored personnel carrier, etc.?

The root cause of these denial of service attacks is a group of bad guys. We need to deal with bad guys in the cyber world like we deal with them in the physical world.

If you say you lock your house I’ll mention bump keys, breaking a door or window, etc. The same goes for cars and every other example. Real world security is threat-focused, not vulnerability focused.

By: CrabbyOlBastard

CrabbyOlBastard — Thu, 09 Jul 2009 18:50:15 +0000

If one were able to get secure coding codified and implemented, then I believe that the problem will then be the human nature aspect. Unless forced by software, they will more often then not, weaken their systems by installing rogue software, lessening passwords, or being completely unversed in security practices.

It’s a tough nut to crack overall… There may never be a solution to this problem.

By: Chris Wysopal

Chris Wysopal — Thu, 09 Jul 2009 17:00:18 +0000

One malignant cell is not a problem. It is when they reach a critical mass withing the community of cells making up the animal that is a problem.

The way I look at it many low risk compromised machines (the home PC user) be come a high risk collectively to any single machine on the internet community.

By: Chris

Chris — Thu, 09 Jul 2009 12:12:29 +0000

I like the cell analogy, so lets go with that. Molecular biology seems to be the field we computer security people are looking towards for answers to our own problems these days. And that’s not necessarily a bad thing but it does bring up the question: ‘Is the cat and mouse game ever avoidable?’. (I don’t think it is). But we can become a better cat. We need a good way to tell the ecosystem those cells are infected and require a cure, or at least detect the symptoms early. So we should also be looking at other fields such as neuroscience (the CS community has for a long time). Every country have their own dominant social networking website, this is a good place to start to get the word out ‘mass infection happening … do xyz’. You can’t post it on ISC and expect 500 million normal people to read it. This also raises the possibility of an attacker using that same system for malicious gain, but certain virii does this in nature IIRC. While auditing all software before release is a great idea (and yes is great for business ;) its not %100 possible, the same way your born with flawed cells that will eventually be owned by some virus specifically designed to exploit its weaknesses. One thing is certain, I am not smart enough to solve this problem. Good post.

By: Nation State Cyberwarfare Reality Check « euraktiva

Nation State Cyberwarfare Reality Check « euraktiva — Thu, 09 Jul 2009 10:59:14 +0000

[...] via Nation State Cyberwarfare Reality Check. [...]