LE, Gov and private industry have always been bedfellows - they will continue to enjoy preferential treatment and advanced threat intelligence whilst sacrificing 'secrecy' both of internal operations and client information for the privilege. The gov can get IP addresses for sybil attacks, they don't need to smuggle honeypots into internal networks to accomplish this. The problem is that the 'day one' offering is very light, just a honeypot - after the target is socialized 'day two' 'enhanced feeds' can be marketed by LE & Gov by turning on the two-way flow of information. Casual erosion of trust / privacy boundaries. Which, of course, only further cements the old adages espoused on these lists.

-Travis

On Tue, Nov 25, 2014 at 10:58 PM, grarpamp <grarpamp@gmail.com> wrote:
http://www.metzdowd.com/pipermail/cryptography/2014-November/023693.html
http://dillingers.com/blog/2014/11/24/citas-threat-assessment-system/

let alone biased LE Heads up to Tor people, and cpunks to carve it up further. This isn't the usual LE proposal
Following on some related and technical comments...
While my analogy and definition of security may not have been best suited, nor is this reply, the point remains that there is nothing special here for you as a corp. Anything you say that LE can provide for *you* with honeypots can also be sourced internally or from the open market and your subsequent call to LE to mop up upon discovery of badness therein.
What is unique here is that LE will be classifying things learned from the HP's as gov't secrets. That's a hard problem. As opposed to telling you all of what you need to know to secure your own net under internal policies and vendor contracts that you would otherwise remain in control of.
Further, technically, parking an HP on your net only tells you about what happens regarding via that HP, nothing else. And since you must distrust this other party HP [1], then all you've got is a cracked HP outside your trust zone, no different than any other box on the internet. It's a limited vantage point and a bogus security metrics argument.
Sure, the US gov't might be able, on the whole from this, to correlate and expose more nation-state/international crime sources against the US and embarrass some foreign diplomats. That's always a good and fun thing [2]. And the services of LE are indeed valuable.
However, do not make the mistake of thinking that *you yourself* will benefit *directly* from this program, that's not what it's designed for or capable of. In fact, you will be left out as dog food in case 'national security priorities/secrets' arise.
The responsibility for securing your net still rests with you and you alone as always. The better way to be more secure is to ignore these silly sales schemes and look same effort at your own processes, weaknesses, code, OS/hardware, compartmentalization, etc. Maybe <=1% of that ends up being the use of HP's. Improve those own things overall and you'll be far better off.
This arrangement also strikes me as problematic in that it would also allow the FBI to set up a huge pool of Tor, Gnutella, Bittorrent, etc, nodes truly indistinguishable to users from genuine nodes run by people who support anonymity, uncensored journalism, whistleblowers, and free speech.
Last, what if one day *you* _need_ to use a freedom network and they've sybil'd up their nodes *against you*? Be careful what you ask for and invite into your home in the name of security, you might just get it... applied against you in time of need.
economic output if it didn't cost so damn much to keep MS boxes secure
Well then the solution there is clear... get rid of the MS boxes, and those who sold and administer them. Like HP's, nothing special about MS either.
Time limited I maybe not reply further.
[1] For reasons of both sanity and legal insufficiency of any indemnity offered.
[2] Note that some megacorps follow their own allegiance... claiming the flag of whichever market suits them best at the moment.
-- Twitter <https://twitter.com/tbiehn> | LinkedIn <http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn> | TravisBiehn.com <http://www.travisbiehn.com> | Google Plus <https://plus.google.com/+TravisBiehn>