Dailydave mailing list archives
Re: Semi-anonymized moderation.
From: Jon Oberheide <jon () oberheide org>
Date: Mon, 28 Jan 2008 14:05:17 -0500
On 1/28/08, Kowsik <kowsik () gmail com> wrote: After 5+ years of stopping this, stopping that, writing anti-malware, anti-dos, anti-backdoors, anti-vulnerablities, anti-scanners, anti-spoofing, anti-this and anti-that, it pretty much came down to "ENOUGH ALREADY!", for me. Being reactive just ain't fun. It gets pretty damn tiring after a while when for ever rule the ID/PS has, there are like a million exceptions on the network. No, I'm not just talking about evasions and obfuscations. One small step for the attacker, one impossible jump for the rest - especially with the current approach. This is not a dig on specific products or how they work. They do what they are intended to do reasonably well. However, the problem they all set out to solve is inherently intractable.
As my colleague would say, it's a "security-complete" problem. (No, there is no formal definition for a security-complete class of problems. A problem just automagically becomes security-complete when you reach that "ENOUGH ALREADY" stage and feel like smashing all computing devices in a 10 block radius.) Besides being a meaningless novelty term used to cop-out of hard problems, we can at least make vague, swiss-cheese analogies and compare it to a similar class of problems: NP-complete. We don't give up NP-complete problems because they lack a polynomial-time solution; instead, we develop practical algorithms that provide approximate solutions. You can see where this is going... Regards, Jon Oberheide -- Jon Oberheide <jon () oberheide org> GnuPG Key: 1024D/F47C17FE Fingerprint: B716 DA66 8173 6EDD 28F6 F184 5842 1C89 F47C 17FE
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Semi-anonymized moderation. Dave Aitel (Jan 28)
- Re: Semi-anonymized moderation. Kowsik (Jan 28)
- Re: Semi-anonymized moderation. Chris Rohlf (Jan 28)
- Re: Semi-anonymized moderation. Jon Oberheide (Jan 28)
- Re: Semi-anonymized moderation. Chris Rohlf (Jan 28)
- Re: Semi-anonymized moderation. Brian (Jan 28)
- Re: Semi-anonymized moderation. Mark Loveless (Jan 28)
- Re: Semi-anonymized moderation. Brian (Jan 28)
- Re: Semi-anonymized moderation. Lance M. Havok (Jan 28)
- Re: Semi-anonymized moderation. Olef Anderson (Jan 28)
- Re: Semi-anonymized moderation. Stephen John Smoogen (Jan 28)
- Re: Semi-anonymized moderation. Mark Loveless (Jan 28)
- Re: Semi-anonymized moderation. Kowsik (Jan 28)
- Re: Semi-anonymized moderation. Sec urity (Jan 28)