funsec mailing list archives

Re: Re: Malware sharing? People are full of shit [was: Get your computer viruses here!]


From: Drsolly <drsollyp () drsolly com>
Date: Fri, 30 Dec 2005 19:24:46 +0000 (GMT)

> i halfway agree with this.  since the community undergoes constant churn in
> the membership of "trusted", there's a scaling limit induced by the churn
> that feels like it's not much higher than the scaling limit induced by "have
> to do everything manually and deal with transitivity instabilities in the
> trust web".  in other words, the manual/transitive scaling problem isn't
> the bottleneck simply because something else is already the bottleneck.
>
> however, the manual/transitive scaling problems are really much more costly
> than what you said.  "soon found out" is hardly guaranteed -- i've known of
> moles or double-agents in various security communities but was forbidden to
> "out" them due to ongoing law enforcement actions.  probably i only knew the
> tip of that iceberg.  a lot of sensitive material got leaked to people i knew
> were evil, and it's my basic assumption that they shared it further.  i'd say
> that like any malevolent parasite, these people try pretty hard to keep their
> true nature and impact hidden.  i'm SURE there's more of this kind of thing
> going on than i know.
>
> i'm also sure that "N degrees of separation", for very moderate values of N
> like "2" or "3", can introduce enough uncertainty as to how much vetting is
> really done or how much evil-tolerance is really present, that i've pretty
> much settled on a sharing rule similar to gadi's -- i only share with folks
> who i know will respect my sharing rules, which are usually "it ends here."

So I guess you won't be sharing with anyone who runs an open, unvetted VX
system.

> so it's not unscalable for the reasons given, it's unscalable anyway, and i'm
> very interested in a better system.  heinlein's treatment of this issue in
> "the moon is a harsh mistress" was most instructive.  do we need a cell
> structure the way revolutions do?  if so that's interesting.  are we part of
> a revolution?

There is a dilemma here.

We want to share stuff with people who will make a good and beneficial
use of it, and we don't want to share stuff with people who will act
maliciously.

There are two extreme solutions to this, "don't share with anyone" and
"share with everyone". I think most people (other than blackhats) agree
that neither of these is a good solution.

So, you have to share with *some* people, and that means sharing with 
people who you trust. Different people might have different algorithms for 
deciding who to trust, but all people have some way they use.

I think Paul is saying here, that the "transitive trusting" model is too 
lax for his approval, and I can understand that. But remember, we're 
trying to change the methods of someone who isn't even using something as 
open as that.

Maybe I was right the first time around, and Val Smith is beyond 
redemption.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

