Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki

[Michal Zalewski <lcamtuf () coredump cx>]

> What parts don't you understand? Let's delve!

OK, I'll bite...

So, I am just not entirely sure what is there to argue over, and why
it's worth arguing over in the first place.

I don't know for sure if "cyber" activities are a significant part of
the nation-level espionage and warfare activities, and very few people
(on this list and elsewhere) honestly do. Plus, when people who may be
in the know speak on this topic, it's often difficult to distill just
the facts. But in any case, it always seemed reasonable to assume that
such activities are taking place to some extent.

I am not sure why this would be relevant, though: the use of these
tools by nation states, under any military doctrine and goals, should
not change your threat model appreciably. Even if you are a government
agency, it's probably not your primary threat, and not a particularly
unique one: http://lcamtuf.blogspot.com/2011/02/give-me-give-me-p-give-me-t.html

The real tragedy of infosec is that we simply don't have the tools to
secure large and complex organizations particularly well - not against
governments, but against bored kids with an agenda. Security vendors
are partly to blame for perpetuating a myth that a secure organization
can be built on top of the commercial AV or IDS tools that said
vendors happen offer. It does not come as a surprise that this model
does not work well, and "the world of cyber" has very little to do
with it.

/mz
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave