[IP] more on well worth reading djf Computer network security: "Symbiot on the Rules of Engagement"

To: ip@xxxxxxxxxxxxxx
Subject: [IP] more on well worth reading djf Computer network security: "Symbiot on the Rules of Engagement"
From: Dave Farber <dave@xxxxxxxxxx>
Date: Thu, 11 Mar 2004 14:10:03 -0500
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
Reply-to: dave@xxxxxxxxxx
Sender: owner-ip@xxxxxxxxxxxxxx


Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Thu, 11 Mar 2004 12:38:37 -0500
From: L Jean Camp <jean_camp@xxxxxxxxxxx>
Subject: Re: [IP] well worth reading djf Computer network security:
 "Symbiot on the Rules of Engagement"
To: dave@xxxxxxxxxx
Cc: andyo@xxxxxxxxxxx

Increasing the risk of that group of people least able to manage risk isnot now and never has been effective policy. However, it has been known toprovide strong validating emotional public responses.

   Symbiot: There is always the possibility of collateral damage.

I believe that this is the first time US citizens have been referred to as"collateral damage". I never liked the phrase, and I like it less now thatis applies to my mom.

Yet this phrase is as illustrative as it is unattractive. In fact,blackmail is the apparent Symbiot business model. If you are not a Symbiotuser and are successfully subverted by an attacker, then the collectedSymbiot users will attack you en masse, purposefully causing additionalharm to your already damaged network. I presume the only certain way toforever stay off their "risk" list is to pay for their services. Otherwisesomeone would point two symbiots at each other, and watch their risknumbers rise. This does not sound like a posse, this sounds like the mob.

He notes that they have a database of "intent". This is either personalfantasy or known lie. How do they determine the intent of a machine?How do they distinguish between an untrustworthy machine and a machineowned by an attacker? How do they distinguish a thief from a sociopath?

Up to this point, home users can see their machines subverted because ofbugs in code that they have paid for, not be notified of the problem by theISP which the customer also pays, and be at the mercy of a technicallyempowered hacker. Now such users will be subject to the Symbiot response.He declares that such a user is no longer innocent.Indeed, I was unaware that a corporation had the right to declare guilt andinnocence across jurisdictions. This is at best a rather new development ininternational law, not standard operating procedure as he implies.

I sincerely hope that the first legitimate American business or person hitby Symbiot institutes a RICO action. Symbiot is instituting a pattern ofcriminal behavior directed against those individuals who have proven theirinability to protect themselves under the current market configuration.

Here is a radical alternative - ISPs and software vendors takeresponsibility for the harm and vulnerabilities of end users and berequired as part of business services to assist users in identification andresponse to the subversions of home machines.


-Jean


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] Salon: The New Pentagon Papers
Next by Date: [IP] more on well worth reading djf Computer network security: "Symbi ot on the Rules of Engagement"
Previous by thread: [IP] Salon: The New Pentagon Papers
Next by thread: [IP] more on well worth reading djf Computer network security: "Symbi ot on the Rules of Engagement"
Index(es):
- Date
- Thread