Dailydave mailing list archives
Re: FireEye is sad.
From: Darkpassenger <darkpassenger () unseen is>
Date: Wed, 16 Sep 2015 10:32:26 -0700
FDA analogy is really far from Cyber and intellectual nature of its elements . better use FCC business, yes ?
see here : https://apps.fcc.gov/kdb/GetAttachment.html?id=1UiSJRK869RsyQddPi5hpw%3D%3D&desc=594280%20D02%20U-NII%20Device%20Security%20v01r02&tracking_number=39498
so it would seem legally questionable to turn a wifi chip into monitor mode (your simple daily sniffer) or "engineer" better RF coverage in MIMO-mode of a recent AP firmware with home-cooked tricks on chip's luxury beam-forming features ( say , your restless sleepless night-time games ) .
is the example going to factually change how the game is played on the mentioned 5 GHz targets ? not really . i have strong objections on calling whole infosec spectrum an "industry" , as if folks are in it with same terms and intentions . "regulating away the threat" is how allied nations tried to handle the dual-use tech for example on CW or even nuclear issues , apparently by a couple of agreements . does it work , really? i do know that it doesn't . i recommend this for a thorough reading : https://mitpress.mit.edu/books/innovation-dual-use-and-security
-dp

On 2015-09-13 17:07, Moses Hernandez wrote:
Being in Vendor land right now, I'll keep my comments brief, because they are just that my comments from just me.

On the subject of regulation however, I just want to be clear. I was, and to an extent, still am in the camp of 'regulation'. I know that the Wassenaar arrangement was far from what I had in mind. The proposed legislation was rather sickening. When I think of maturity in our field, or even just playing in the big leagues, I try and think of what other professions look like.

Just for a moment, suspend belief and think about the basic mechanism of getting from onto our tables. For us Americans on the list, let's just consider the FDA. Consumers want to have confidence in the product that they are buying. They want to know that the Blue Bell Ice Cream they are consuming is going to be maybe not as good as Cherry Garcia (http://www.benjerry.com/flavors/cherry-garcia-ice-cream), but still edible, one would hope: http://www.fda.gov/Food/RecallsOutbreaksEmergencies/Outbreaks/ucm438104.htm

Interesting story found here: ( http://www.marketplace.org/topics/health-care/who-pays-new-fda-food-safety-rules ) which claims: "Federal officials put the cost of compliance at about $380 million for an industry that generates about $1.1 trillion in retail food sales."

Confidence breeds markets to grow in a sustainable way, or at a minimum just grow. But of course, Wassenaar-like regulatory changes, could always happen in the Food industry, even if all we want is to be not poisoned, and for things like this you have associations. This is where our industry, probably lacks a bit of guidance, but stroll through any state capital and you will see these types of association buildings: (http://www.ffva.com/).

Even though we can understand why this would be important in the age of say, Wassenaar, what does this have to do with vendors and their attempts to shut down research? I think what we need to understand as an industry is that just like the car manufacturers from time to time will take an actuarial approach to safety and try and avoid correcting issues, we may find the same in our lines of work. Safety, maybe even, regulatory style safety, will eventually happen. It's just the way we have to mature. We probably will not see if some time until there is a sudden event that forces is, because our trajectory of growing the software segments and our industry will really slow.

But then again, confidence breeds growth in markets, so who is going to buy the car with the lowest safety rating? And who will buy the food that will poison them the most?[1]

[1] we do. ( http://www.nbcnews.com/id/11992264/ns/health-fitness/t/should-you-defrost-your-diet/ )

On Fri, Sep 11, 2015 at 9:27 AM, Dave Aitel <dave () immunityinc com> wrote:

The real question in security is always how to play Poker against an opponent who can see all your cards.

http://www.forbes.com/sites/thomasbrewster/2015/09/10/fireeye-slammed-over-injunction/
https://lists.immunityinc.com/pipermail/dailydave/2013-March/000353.html

In a way our "IP" laws have confused a lot of us about security. What if NOBODY TALKED ABOUT OUR WEAKNESSES BECAUSE IT WAS ILLEGAL, the management teams say. This, of course, directly relates to the "regulation is GOING to happen" Wassenaar crowd because it's the exact same fundamental psychology at work. "We're going to regulate away the threat" is as useless as saying "hackers won't buy our boxes to find out how to bypass our defenses".

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave