LE, Gov and private industry have always been bedfellows - they will continue to enjoy preferential treatment and advanced threat intelligence whilst sacrificing 'secrecy' both of internal operations and client information for the privilege. 

The gov can get IP addresses for sybil attacks, they don't need to smuggle honeypots into internal networks to accomplish this. 

The problem is that the 'day one' offering is very light, just a honeypot - after the target is socialized 'day two' 'enhanced feeds' can be marketed by LE & Gov by turning on the two-way flow of information. Casual erosion of trust / privacy boundaries.

Which, of course, only further cements the old adages espoused on these lists.

-Travis

On Tue, Nov 25, 2014 at 10:58 PM, grarpamp <grarpamp@gmail.com> wrote:
>>> http://www.metzdowd.com/pipermail/cryptography/2014-November/023693.html
>>> http://dillingers.com/blog/2014/11/24/citas-threat-assessment-system/
>> let alone biased LE
>> Heads up to Tor people, and cpunks to carve it up further.
> This isn't the usual LE proposal

Following on some related and technical comments...

While my analogy and definition of security may not have been best
suited, nor is this reply, the point remains that there is nothing
special here for you as a corp. Anything you say that LE can provide
for *you* with honeypots can also be sourced internally or from the
open market and your subsequent call to LE to mop up upon discovery
of badness therein.

What is unique here is that LE will be classifying things learned
from the HP's as gov't secrets. That's a hard problem. As opposed
to telling you all of what you need to know to secure your own net
under internal policies and vendor contracts that you would otherwise
remain in control of.

Further, technically, parking an HP on your net only tells you about
what happens regarding via that HP, nothing else. And since you
must distrust this other party HP [1], then all you've got is a
cracked HP outside your trust zone, no different than any other box
on the internet. It's limited vantage point and bogus security
metrics argument.

Sure, the US gov't might be able, on the whole from this, to correlate
and expose more nation-state/international crime sources against
the US and embarrass some foreign diplomats. That's always a good
and fun thing [2]. And the services of LE are indeed valuable.

However do not make the mistake of thinking that *you yourself*
will benefit *directly* from this program, that's not what it's
designed for or capable of. In fact, you will be left out as dog
food in case of 'national security priorities/secrets' arise.

The responsibility for securing your net still rests with you and
you alone as always. The better way to be more secure is to ignore
these silly sales schemes and look same effort at your own processes,
weaknesses, code, OS/hardware, compartmentalization, etc. Maybe
<=1% of that ends up being the use of HP's. Improve those own things
overall and you'll be far better off.

> This arrangement also strikes me as problematic in that it would also
> allow the FBI to set up a huge pool of Tor, Gnutella, Bittorrent, etc,
> nodes truly indistinguishable to users from genuine nodes run by people
> who support anonymity, uncensored journalism, whistleblowers, and free
> speech.

Last, what if one day *you* _need_ to use a freedom network and
they've sybil'd up their nodes *against you*? Be careful what you
ask for and invite into your home in the name of security, you might
just get it... applied against you in time of need.

> economic output if it didn't cost so damn much to keep MS boxes
> secure

Well then the solution there is clear... get rid of the MS boxes,
and those who sold and administer them. Like HP's, nothing special
about MS either.

Time limited I maybe not reply further.

[1] For reasons of both sanity and legal insufficiency of any
indemnity offered.

[2] Note that some megacorps follow their own allegience... claiming
the flag of whichever market suits them best at the moment.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk



--
Twitter | LinkedIn | GitHub | TravisBiehn.com | Google Plus