Tor·que·ma·da (tôrk-mäd, tôrk-mää), Tomás de 1420-1498. Spanish Dominican friar who was appointed grand inquisitor by Pope Innocent VIII (1487). Under his authority, thousands of Jews, suspected witches, and others were killed or tortured during the Spanish Inquisition.
jueves, 30 de julio de 2009
martes, 28 de julio de 2009
Theory of Stupidivity: Your Guarantee of Cybersecurity Failure
Posted by George Smith on 07/03/2009 :: Permalink :: Comments
Today's cant on cybersecurity is news on 'Einstein,' the security system to be installed on all government computers in order to protect them from cyberspies.
"It is supposed to detect known types of cyberattacks and immediately alert the cybersecurity center," reports the Wall Street Journal. "The problem: Like its predecessor, it still can't detect or block sophisticated attacks that weren't previously known, said Stewart Baker, a former senior Homeland Security Department official. Homeland Security is the only department using it so far."
"Homeland Security Department first developed Einstein in 2003, adapting technology from a Pentagon program that monitored military networks ... " informs the WSJ.
In another manner of speaking, it uses the anti-virus software model of 'security.'
Entrenched and solidified over decades, anti-virus software detects only malware that has already been submitted in samples and examples to its developer. That is, by definition, it can't detect the newest attacks until someone else -- hopefully not you -- has been snared by them.
Over years and years, it has inspired, accelerated and ensured an arms race between virus-writers and software developers, a process that is now locked in stone.
Last week, for example, an advertisement with malicious code in it threw three viruses at DD's PC. Software caught two and I was left to net the third, which I caught when it tried to alter the system. I threw the virus into a directory I keep for unidentified malware and suspicious programs. A few days later, when the a-v software updated for the third or fourth time after the incident, it was detected. So someone, not just me, had been exposed to it and taken the time to send a sample to the company. And there were, invariably, some people who were screwed over by it.
Security expert Marcus Ranum discussed this at length some years ago in "The Six Dumbest Ideas in Computer Security."
In essence, the Einstein system and plan for making government computers secure accumulates these ideas into one big ball. Let's call it "The Theory of Stupidivity," in honor of the Einstein name. Now don't go off the rails here. The government isn't the only guilty party. Almost everyone seems to practice most of the six dumbest ideas in computer security.
Notable among these flaws is the dumb idea Ranum called "Enumerating Badness." It's the definition of the anti-virus/anti-malware/anti-spyware industry.
Back in the good ol' days when s----happening wasn't everywhere "security practitioners got into the habit of 'Enumerating Badness' -- listing all the bad things that we know about. Once you list all the badness, then you can put things in place to detect it, or block it."
"Why is 'Enumerating Badness' a dumb idea?" asked Ranum. "It's a dumb idea because sometime around 1992 the amount of Badness in the Internet began to vastly outweigh the amount of Goodness."
"Enumerating Badness" goes hand in hand with "Penetrate and Patch."
"One clear symptom that you've got a case of 'Penetrate and Patch' is when you find that your system is always vulnerable to the 'bug of the week," wrote Ranum. "It means that you've put yourself in a situation where every time the hackers invent a new weapon, it works against you. Doesn't that sound dumb? Your software and systems should be secure by design and should have been designed with flaw-handling in mind."
Does that sound like common news from the cybersecurity beat? Rhetorical question.
Practically speaking, there's not much hope of 'secure by design' anymore. And the current news about the Einstein system only underlines it.
Let's return to the WSJ article. "Homeland Security is the only department using it so far," it says.
This is not necessarily a bad thing. There's really not much point in being forced into being an early adopter when something isn't an improvement on what one already has. And is unknown in its bugs and weaknesses, and maybe worse.
Good advice could be to be 'last in line' for Einstein, version whatever, until everyone else has it sorted out.
In other matters this week:
"Jack Goldsmith, a professor at Harvard Law School who was an assistant attorney general from 2003 to 2004, is writing a book on cyberwar," threatened a by-line on the op-ed pages of the NY Times.
Goldsmith, a lawyer from the Bush administration awarded a pass from the left for his tell-all book on the 'terror presidency', joins other famous ex-government officials, who as soon as they've finished with their cash-ins, refashion themselves as seers of the techno-future and set about writing tomes which are part thriller, part warning, containing multitudes of allegedly new-fangled plots and actions against the country.
The most notable example is Richard A. Clarke. Clarke got into writing security warning techno-thrillers. His first, entitled "The Scorpion's Gate," was a success. The second, "Breakpoint," dealt with cyberterrorism and sank without much trace.
For the Times, Goldsmith emitted a bit of a teaser, casting himself as one of the new electronic Pearl Harbor men, a species in no short supply.
Goldsmith has newly discovered cybersecurity. For the Times, his opinion piece furnished the standard cliches and sincere hand-wringing concern about the menacing nature of it and what must be done. Just like the ten thousand or so before him over the last fifteen years.
In the first graf of the opinion piece, we get the China-did-it meme. Federal law now mandates it be inserted in every opinion piece on cyberwar
"Our economy, energy supply, means of transportation and military defenses are dependent on vast, interconnected computer and telecommunications networks ... In the last few months it has been reported that Chinese network operations have found their way into American electricity grids, and computer spies have broken into the Pentagon's Joint Strike Fighter project," it reads.
"The government should jump-start [cybersecurity] education by mandating minimum computer security standards and by requiring Internet service providers to deny or delay Internet access to computers that fall below these standards, or that are sending spam or suspicious multiple computer probes into the network," Goldsmith opines.
Good idea. Require licensing and vetting for everyone's home and business desktop PC or refuse entry to the net. First step: Close down all the unregulated PC departments in consumer electronics stores like BestBuy. Second step: Decertify and refuse connection to all desktop and laptop PCs in use at public schools and at universities. Third step: Disallow all connection to the Internet by DSL, cable modem, wireless or dial-up from private residences, apartments and Internet cafes until all PCs are declared sanitized and impervious to penetration. Fourth: Raid and take out of business all big ISPs unable to guarantee their customers to be computer virus free. Last: Immediately put those damn kids always launching scripted UDP floods in jail.
Just pulling your leg.
George Smith also blogs here.
Leave a comment
Sign in to comment on this entry, or comment anonymously.
Remember personal info?
Comments (You may use HTML tags for style)
George SmithClick here for Bio Authors
James Jay Carafano
Council on Foreign Relations
Nikolas K. Gvosdev
Brian Michael Jenkins
Arthur G. Martirosyan
Support the Troops
The Forever War
US Air Force
US Marine Corps
viernes, 17 de julio de 2009
miércoles, 15 de julio de 2009
1 2 3 4 5 6 7 8 9 10 Next
Space travel - Wikipedia, the free encyclopedia - [ Traducir esta página ]
27 May 2009 ... Space travel can refer to: Spaceflight, the use of space technology to fly a spacecraft into and through outer space, which may include: ...en.wikipedia.org/wiki/Space_travel - En caché - Similares
Space Tourism, Space Transport and Space Exploration News - [ Traducir esta página ]
15 Jul 2009 ... Space-Travel.Com brings you daily news about SPACE TRAVEL.Shuttle news - Station news - Launch pad - Rocket sciencewww.space-travel.com/ - hace 4 horas - En caché - Similares
Space Travel and Exploration - [ Traducir esta página ]
SPACE TRAVEL · US manned space flight in doubt 40 years after moon walk. Washington (AFP) July 11, 2009. US ambitions to send astronauts back to the moon as ...www.space-travel.com/Space_Travel.html - En caché - SimilaresMás resultados de www.space-travel.com »
Resultados de vídeo de space travel
Cosmic Gate - Exploration of Space3 min 30 swww.youtube.com
NASADestinationTomorrow - DT18 - Long Duration ...8 minvideo.google.com
Space Travel Guide - [ Traducir esta página ]
Explains the various concepts of space travel. Starting from the basic physical laws in an interactive manner.library.thinkquest.org/03oct/02144/ - En caché - Similares
Space Travel 101: Fundamentals of Space Travel - [ Traducir esta página ]
Essentials of spacecraft and missions presented by a group of teens for the Thinkquest competition. Talks about the history of space travel, the technology ...library.thinkquest.org/03oct/01581/ - En caché - Similares
Virgin Galactic - [ Traducir esta página ]
Airline offering suborbital spaceflights with a new version of SpaceShipOne. Provides description of flights, the vehicle and offers bookings starting 2005.www.virgingalactic.com/ - En caché - Similares
StarChild: Space Travel - [ Traducir esta página ]
Boy sitting playing with space shuttle, Space Travel. The astronauts had to use special tools to collect rock samples on the Moon because they could not ...starchild.gsfc.nasa.gov/docs/.../space.../travel.html - En caché - Similares
SPACE Viajes Espaciales
Address: Viajes Espaciales/Space Travel & Tours 7a Calle Poniente #15, Centro Comercial El Búcaro Antigua Guatemala, Guatemala, Central America ...www.travelinguatemala.com/ - En caché - Similares
Amazon.com: Space Travel (Science Fiction Writing Series): Ben ... - [ Traducir esta página ]
Take a tour of space with "Space Travel" that explains science to help readers make fiction plausible. Readers will see what is real today and what may ...www.amazon.com/Space-Travel.../0898797470 - En caché - Similares
Greenwood Space Travel Supply Co. - [ Traducir esta página ]
Associated with 826 Seattle and located in Greenwood.www.greenwoodspacetravelsupply.com/ - En caché - Similares
Resultados de noticias que contienen space travel
Should space exploration continue? - hace 11 horas
The space program's benefits have been well documented with inventions and discoveries in areas like medicine, electronics, defense, travel, geology, ...Daytona Beach News-Journal - 1075 artículos relacionados »
SpaceX Chalks Up Another First for Commercial Space Travel - TechNewsWorld - 248 artículos relacionados »
A holiday in Hawaii and space travel - Car Rentals - 3 artículos relacionados »
Búsquedas relacionadas con: space travel
space travel exploration
astronauts space travel
space travel tourism
nasa space exploration
gravity space travel
space exploration wikipedia
space shuttle travel
space exploration on the moon
Restringir la búsqueda a los resultados - Herramientas
Archivo del blog
- ► mayo (7)
- ► julio (7)
- ► octubre (10)
- ► septiembre (10)
- ► agosto (8)
- ► julio (12)
- ► mayo (11)
- ► abril (8)
- ► marzo (8)
- ► febrero (11)
- ► noviembre (8)
- ► octubre (12)
- ► septiembre (8)
- ► julio (16)
- ► junio (12)
- ► mayo (14)
- ► abril (10)
- ► marzo (10)
- ► febrero (15)
- ► diciembre (12)
- ► noviembre (9)
- ► octubre (11)
- ► septiembre (8)
- ► agosto (10)
- ► julio (14)
- ► junio (10)
- ► mayo (9)
- ► abril (10)
- ► marzo (12)
- ► febrero (18)
- ► diciembre (12)
- ► noviembre (14)
- ► octubre (14)
- ► septiembre (16)
- ► agosto (22)
- ► julio (15)
- ► junio (15)
- ► mayo (18)
- ► abril (20)
- ► marzo (23)
- ► febrero (22)
- ► noviembre (8)
- ► 2010 (23)
- ▼ julio (5)
- ► julio (8)