Re: Semi-anonymized moderation.

[Jon Oberheide <jon () oberheide org>]

> On 1/28/08, Kowsik <kowsik () gmail com> wrote:
> After 5+ years of stopping this, stopping that, writing anti-malware,
> anti-dos, anti-backdoors, anti-vulnerablities, anti-scanners,
> anti-spoofing, anti-this and anti-that, it pretty much came down to
> "ENOUGH ALREADY!", for me.
>
> Being reactive just ain't fun. It gets pretty damn tiring after a
> while when for ever rule the ID/PS has, there are like a million
> exceptions on the network. No, I'm not just talking about evasions and
> obfuscations. One small step for the attacker, one impossible jump for
> the rest - especially with the current approach.
>
> This is not a dig on specific products or how they work. They do what
> they are intended to do reasonably well. However, the problem they all
> set out to solve is inherently intractable.

As my colleague would say, it's a "security-complete" problem.

(No, there is no formal definition for a security-complete class of
problems.  A problem just automagically becomes security-complete when
you reach that "ENOUGH ALREADY" stage and feel like smashing all
computing devices in a 10 block radius.)

Besides being a meaningless novelty term used to cop-out of hard
problems, we can at least make vague, swiss-cheese analogies and compare
it to a similar class of problems: NP-complete.  We don't give up
NP-complete problems because they lack a polynomial-time solution;
instead, we develop practical algorithms that provide approximate
solutions.  You can see where this is going...

Regards,
Jon Oberheide

-- 
Jon Oberheide <jon () oberheide org>
GnuPG Key: 1024D/F47C17FE
Fingerprint: B716 DA66 8173 6EDD 28F6  F184 5842 1C89 F47C 17FE

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave