Dailydave mailing list archives
Re: The difference between a monkey and a gorilla
From: Chris Wysopal <weld () vulnwatch org>
Date: Sun, 24 Jul 2005 20:03:12 -0500 (EST)
On Tue, 19 Jul 2005, Dave Aitel wrote:
As Jared Diamond (http://www.pbs.org/previews/gunsgermssteel/) says, humans are basically just a strange sub-species of chimpanzee. Likewise I wonder if security researchers are tamed and channeled hackers, or if hackers are the bizzare sub-species that consumes more resources than you'd expect, and create more art than you'd imagine. In a bit of meta-irony, Weld Pond is the one who introduced me to Jared Diamond.
I'm not sure what makes this ironic, let alone the irony be ironic, but I'm sure Dave will explain it to me. :) In any case I think a much more interesting application of Diamond's concepts to this list is applying them to cyberwar. What can the geography of cyberspace or perhaps more importantly, the geography of its inhabitants tell us about who will win in cyberwarfare. Diamond's fundemental theory about the last thousand years of world history and how Europeans were able to conquer multiple continents is based on geography. The east-west arrangement of Europe vs the north-south arrangement of the Americas and Africa allowed people and technology, like farming and steel making, to flow more easily. This is due to the fact that the same latitude has a similar climate eats-west and is in the same season. When a new crop was developed or animal domesticated, that knowledge spread more quickly across Europe. The same held true for other technological inventions, the spread of disease and later the resistance to disease. Europeans weren't smarter or braver than South Americans. Chance had put them in a place where civilization could develop more quickly. Check out the series on PBS or better, read the book (now on the NYTimes paperback best seller list). The question I have is can these principles be applied to cyberspace? Are there fundemental structures akin to the concepts in Lessig's "Code and Other Laws of Cyberspace" that are the geography of cyberspace and does that geography favor the citizens of one country over another? When people collide in cyberspace who will win at cyberwarfare? I am defining cyberwarfare broadly here as controlling information, commerce/money, and the physical world connected to the internet. Access to hardware is certainly favorable. Sure if you are a good hacker you can find a box to own of the type you want somewhere on the net but there really is no substitute for your own hardware lab. Countries that have corporations throwing out old equipment that you can grab for free (or very cheap) are going to be favorable to places where your only computer access is in a library or cybercafe. If you are going to do research or build something, dedicated access is a big plus. A couple of data points. Back in 1998, Richard Clarke from the NSC visited the L0pht with a couple of other govt. intelligence types. After a tour of our several rooms full of equipment (mostly online) and our hardware lab, he went over into a corner and was whispering with his collegues. Mudge thought this was a bit rude and asked them, since they were guests in our place, to speak openly. Clarke did. He said that they were discussing the fact that we were able to amass such a hardware capability with no budget (we dumpster and corporate closet dived) was going to cause them to change their threat model. The US intelligence community values access to hadware. Shift forward to the GhettoHackers in 2002. I visited their space and it was more impressive than what we had at the L0pht. They had more hardware and they used it more effectively. They had dozens of machines with different architectures and OSes (and versions) loaded. This gave the GhettoHackers a decisive advantage when it came to hacking at events like Defcon's Capture the Flag. They had to start running the event because they had won so often. Another factor is the culture of the country. Does it favor exploration? Is there a history of invention and research? Is there an ethic of rebellion that allows progress in spite of laws like the DMCA which outlaw certain areas of research? Perhaps a country with lawless cyberspace is beneficial. Is there free speech and its counterpart, free access to the speech of others? Is the written language the same as the one that is used in programming languages, API descriptions, documentation, security information, etc.? In the current environment, reading and writing English would seem like a big plus. What is the education environment for math, engineering, computer programming like? Is there funded security research going on? I am undoubtably Americentric in my experience. But it would seem to me that people in the US and similar countries have an advantage in the cyberwarfare of the future. -Chris The rate of human invention is faster, and the rate of cultural loss is slower, in areas occupied by many competing societies with many individuals and in contact with societies elsewhere. - Jared Diamond _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- The difference between a monkey and a gorilla Dave Aitel (Jul 19)
- Re: The difference between a monkey and a gorilla halvar (Jul 19)
- Re: The difference between a monkey and a gorilla Chris Wysopal (Jul 24)
- Re: The difference between a monkey and a gorilla Isaac Dawson (Jul 24)
- Message not available
- The difference between a monkey and a gorilla plonky (Jul 25)
- Re: The difference between a monkey and a gorilla Isaac Dawson (Jul 24)
- Re: The difference between a monkey and a gorilla Jonatan B (Jul 25)
- Re: The difference between a monkey and a gorilla Chris Wysopal (Jul 25)
- RE: The difference between a monkey and a gorilla Paul Melson (Jul 25)