On Mon, Jul 9, 2012 at 11:22 PM, Christopher Morrow <morrowc.li...@gmail.com> wrote:
> (note, people ought to: 1) think about this on their own making up
> their own minds, 2) understand that the press has some very weird
> ideas, 3) take some better protections on their own, for their own
> security)
>
> also, I'm not judging the OP nor the reporter nor the ideas espoused
> in the article/clips...
>
> On Mon, Jul 9, 2012 at 9:46 PM, William Allen Simpson
> <william.allen.simp...@gmail.com> wrote:
>> Somebody needs to give them a clue-by-four. The private sector
>
> people keep trying, sometimes it's helped. sometimes reporters need to
> sell stories :(
>
>> already has the "Internet address where an email ... originated";
>
> it's not just email they care about :( (you knew that I think)
>
>> it's already in the Received lines. We don't need to be informed
>> about it, we already inform each other about it.
>
> one interesting idea, that has proven out some merit over the years, is
> the ability to share 'incident' data across entry points (say across
> companies, or gov'ts even) about 'bad things' that are happening.
>
> Take the case of 'spam came in from this end system to my mailserver',
> if I tell you that (or some central system which you can query)
> you'll learn that maybe the inbound connection to you is also
> spam-rich.
>
>> And it's already delivered "at network speed."
>>
>
> the article sort of reads like the above scenario though... maybe it's
> NOT that, maybe it's something else entirely... it SEEMS that the
> gov't wants to help. They may be able to, they may just foul things
> up. The reporter certainly didn't leave enough details in place to
> tell :(
>
>> It is my understanding the Dept of Homeland Security already
>> cooperates in sharing government intrusion information. We certainly
>> don't need a "U.S. spy agency" MITM to "protect the private sector."
>
> <http://en.wikipedia.org/wiki/Einstein_%28US-CERT_program%29>
>
> you may mean?
could be... the wikipedias are sometimes wrong, or so says the teacher of my 7yr old.

>> Moreover, the US is the source of most spam and malware, so the NSA
>> isn't really going to be much help. And the US is the source of the
>
> but hosts in the US that are botted/spamming also spam/bot other
> things outside the US, right? so really who cares where the src is,
> get some data collection points up and use that data to inform your
> security policy, no? (sure, you'll have to have some smarts, and some
> smart people, and be cautious... but you'd do that anyway, right? :) )
>
> These folks have some awesome tech for that sort of data collection
> and analysis:
> <http://en.wikipedia.org/wiki/SHERIFF>
>
> it's a shame that their parent company can't find a way to monetize
> that sort of thing. (the article there talks about some older version
> of the system, which is still alive/well today doing fraud detection
> and was doing some IDS/anomaly-detection-like work as well for ip
> network things)
to be fair to vz/mci here, an offline reader pointed me to:
<http://newscenter.verizon.com/press-releases/verizon/2011/verizon-teams-with-northrop.html>
hey lookie, they sold one :) (hopefully for the sheriff folks, they can do more of this, it really is cool)

>> only known cyber attacks on other countries' infrastructure, so it's
>> not likely much help there, either. Unless they expect retaliation?
>>
>> ===
>>
>> http://in.reuters.com/article/2012/07/10/net-us-usa-security-cyber-idINBRE86901620120710
>>
>> U.S. spy agencies say won't read Americans' email for cybersecurity
>> 8:48pm EDT
>>
>> By Tabassum Zakaria and David Alexander
>>
>> WASHINGTON (Reuters) - The head of the U.S. spy agency that eavesdrops on
>> electronic communications overseas sought on Monday to reassure Americans
>> that the National Security Agency would not read their personal email if
>> a new cybersecurity law was enacted to allow private companies to share
>> information with the government.
>> ...
>>
>> But to help protect the private sector, he said it was important that the
>> intelligence agency be able to inform them about the type of malicious
>
> translated: "Hey, what if we could tell our private sector partners
> (Lockheed-Martin, for instance) that they should be on the lookout for
> things like X, or traffic destined to Y, or people sending all their
> DNS queries to these 5 netblocks." (dcwg.org sorta crap)
>
> that doesn't sound 'bad', it sounds like there is a gap in the
> business world to wrap all this data up and sell access to it... but
> the gov't can jump in with their mountains of data from their
> 'einstein' or whatever and go to town protecting their 'partners' who
> often have close interactions with the gov't, right?
>
>> software and other cyber intrusions it is seeing and hear from companies
>> about what they see breaching the protective measures on their computer
>> networks.
>
> adding to the above: "What if we had an API such that you could feed
> your collected alarm/alert/badness data to us as well? and we could
> feed that back into our system, protect ourselves AND send it back out
> to the other partners?"
>
> again, that's not that bad, really it sounds pretty cool... if only
> MCI could have found a way to productize and monetize that... which we
> built for them too :( but I digress.
>
>> "It doesn't require the government to read their mail or your mail to do
>> that. It requires them, the Internet service provider or that company, to
>> tell us that that type of event is going on at this time. And it has to be
>> at network speed if you're going to stop it," Alexander said.
>
> alexander is loose with his pronouns, which makes this worse... in
> reality: "send your alarm data to our system, hurrah!", PROBABLY this
> could include large ISP people if the pricing (or regulatory world)
> were right, these folks COULD of course limit that to 'business isp
> traffic only', maybe.
>
> this sounds a little less on the ball though, so I'll blame bad
> reporter-translation, and hope that Alexander really meant: "Our
> partners in the industry, who help supply us and build our widgets for
> us, would be enabled to send data into our API..."
>
>>
>> He said the information the government was seeking was the Internet
>> address where an email containing malicious software originated and
>> where it traveled to, not the content of the email.
>
> I'm sure this was simply an example... and the reporter jumped on it
> like a carnivore, poor job reporter! :(
>
>> ...
>>
>> But the U.S. government is also concerned about the possibility of a cyber
>> attack from adversaries on critical infrastructure such as the power grid or
>> transportation systems.
>
> yes, put in the boogie-man! also, keep in mind that CI things are ...
> in a horrid state, and as it turns out the folk running it are
> ostriches :(
>
> -chris
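The "central system which you can query" and the partner-feed API sketched in the quoted message, as an added Python example that is not from the thread or any product it mentions. It stores only metadata (observer, address, event type, time), never message content, and requires more than one partner to corroborate an address before flagging it; the partner names, addresses (RFC 5737 documentation ranges), window and threshold are all constructed.

```python
"""Shared incident store: partners report 'badness seen from this address',
anyone can query. Metadata only; no message content is accepted, matching
the 'addresses, not content' point in the thread. Sample data is constructed."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(hours=24)  # assumed: reports older than this are ignored
MIN_REPORTERS = 2             # assumed: distinct partners needed to corroborate


class IncidentStore:
    def __init__(self):
        # address -> list of (observer, event_type, timestamp)
        self._reports = defaultdict(list)

    def report(self, observer, address, event_type, when):
        """Record one observation from a partner; metadata only."""
        self._reports[address].append((observer, event_type, when))

    def query(self, address, now):
        """Summarise what partners have said about `address` within WINDOW.
        Counting distinct reporters keeps one noisy feed from flagging alone."""
        recent = [r for r in self._reports.get(address, [])
                  if now - r[2] <= WINDOW]
        observers = {obs for obs, _, _ in recent}
        return {
            "address": address,
            "reports": len(recent),
            "distinct_reporters": len(observers),
            "event_types": sorted({ev for _, ev, _ in recent}),
            "corroborated": len(observers) >= MIN_REPORTERS,
        }


def demo():
    """Constructed sample: three hypothetical partners feeding one store."""
    now = datetime(2012, 7, 10, 12, 0, tzinfo=timezone.utc)
    store = IncidentStore()
    store.report("mailops-a", "192.0.2.10", "spam", now - timedelta(hours=3))
    store.report("mailops-b", "192.0.2.10", "spam", now - timedelta(hours=1))
    store.report("soc-c", "192.0.2.10", "malware-url", now - timedelta(minutes=20))
    store.report("mailops-a", "198.51.100.7", "spam", now - timedelta(hours=2))
    store.report("mailops-b", "203.0.113.5", "spam", now - timedelta(days=3))  # stale
    return {a: store.query(a, now)
            for a in ("192.0.2.10", "198.51.100.7", "203.0.113.5")}


if __name__ == "__main__":
    for summary in demo().values():
        print(summary)
```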