funsec mailing list archives
Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!]
From: Paul Vixie <paul () vix com>
Date: Fri, 30 Dec 2005 18:47:17 +0000
# > How do you scale it? # # I don't need to do vetting on thousands of people. All I need to do, is # trust a group of people, who each trust a group of people, and so on. If # someone betrays that trust, they soon get found out and ejected (it's # happened). It scales just fine. i halfway agree with this. since the community undergoes constant churn in the membership of "trusted", there's a scaling limit induced by the churn that feels like it's not much higher than the scaling limit induced by "have to do everything manually and deal with transitivity instabilities in the trust web". in other words, the manual/transitive scaling problem isn't the bottleneck simply because something else is already the bottleneck. however, the manual/transitive scaling problems are really much more costly than what you said. "soon found out" is hardly guaranteed -- i've known of moles or double-agents in various security communities but was forbidden to "out" them due to ongoing law enforcement actions. probably i only knew the tip of that iceberg. a lot of sensitive material got leaked to people i knew were evil, and it's my basic assumption that they shared it further. i'd say that like any malevolent parasite, these people try pretty hard to keep their true nature and impact hidden. i'm SURE there's more of this kind of thing going on than i know. i'm also sure that "N degrees of separation", for very moderate values of N like "2" or "3", can introduce enough uncertainty as to how much vetting is really done or how much evil-tolerance is really present, that i've pretty much settled on a sharing rule similar to gadi's -- i only share with folks who i know will respect my sharing rules, which are usually "it ends here." so it's not unscalable for the reasons given, it's unscalable anyway, and i'm very interested in a better system. heinlein's treatment of this issue in "the moon is a harsh mistress" was most instructive. do we need a cell structure the way revolutions do? if so that's interesting. are we part of a revolution? _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!], (continued)
- where are all the researchers here? speak up! [WAS: Malware sharing? People are full of shit] Gadi Evron (Dec 29)
- Re: where are all the researchers here? speak up! [WAS: Malware sharing? People are full of shit] Dude VanWinkle (Dec 29)
- RE: where are all the researchers here? speak up! [WAS:Malware sharing? People are full of shit] Randy Abrams (Dec 29)
- Re[2]: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Pierre Vandevenne (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Gadi Evron (Dec 29)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Drsolly (Dec 29)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Gadi Evron (Dec 30)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Drsolly (Dec 30)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Paul Vixie (Dec 30)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Drsolly (Dec 30)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Paul Vixie (Dec 30)
- heinlein, a fascist? HOW DARE YOU??!! [WAS: Malware sharing? People are full of shit] Gadi Evron (Dec 30)
- Re: heinlein, a fascist? HOW DARE YOU??!! Rob, grandpa of Ryan, Trevor, Devon & Hannah (Dec 30)
- Re: heinlein, a fascist? HOW DARE YOU??!! Paul Vixie (Dec 30)
- Re: heinlein, a fascist? HOW DARE YOU??!! [WAS: Malware sharing? People are full of shit] Pierre Vandevenne (Dec 30)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Gadi Evron (Dec 30)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] val smith (Dec 28)
- RE: Re: Malware sharing? People are full of shit [was:Getyour computer viruses here!] Randy Abrams (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was:Getyour computer viruses here!] Gadi Evron (Dec 29)