[iwar] Why it doesn't work to fight back - for now...

From: Fred Cohen (fc@all.net)
Date: 2001-07-30 21:21:31


Return-Path: <sentto-279987-1501-996553294-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Mon, 30 Jul 2001 21:22:15 -0700 (PDT)
Received: (qmail 27597 invoked by uid 510); 31 Jul 2001 03:24:02 -0000
Received: from n31.groups.yahoo.com (216.115.96.81) by 204.181.12.215 with SMTP; 31 Jul 2001 03:24:02 -0000
X-eGroups-Return: sentto-279987-1501-996553294-fc=all.net@returns.onelist.com
Received: from [10.1.4.52] by hp.egroups.com with NNFMP; 31 Jul 2001 04:21:36 -0000
X-Sender: fc@big.all.net
X-Apparently-To: iwar@yahoogroups.com
Received: (EGP: mail-7_2_0); 31 Jul 2001 04:21:33 -0000
Received: (qmail 14603 invoked from network); 31 Jul 2001 04:21:32 -0000
Received: from unknown (10.1.10.142) by m8.onelist.org with QMQP; 31 Jul 2001 04:21:32 -0000
Received: from unknown (HELO big.all.net) (65.0.156.78) by mta3 with SMTP; 31 Jul 2001 04:21:32 -0000
Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id VAA08343 for iwar@yahoogroups.com; Mon, 30 Jul 2001 21:21:31 -0700
Message-Id: <200107310421.VAA08343@big.all.net>
To: iwar@yahoogroups.com
In-Reply-To: <20010731025852.2987.qmail@web14501.mail.yahoo.com> from "e.r." at Jul 30, 2001 07:58:52 PM
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Mon, 30 Jul 2001 21:21:31 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] Why it doesn't work to fight back - for now...
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Per the message sent by e.r.:

> This is no longer a game and it is time to put your money where your
> mouth is.  To claim we are the "all knowing" of the IWAR circut and
> then to do nothing makes you look just as bad as the AOL lover-Im not
> kidding- on Dr. Rice's Committee.  In fact it makes you look worse
> because you know better.

> Fred, Tony and company, we have to attempt to effectuate change, or at
> a min. not allow these fools to damage national security dependent
> parts of the cyber infrastructure beyond repair.  It is a real
> possibility with the attacks like Code Red, and others from foreign
> nationals whose goals are to trash that system we rely on. I hate being
> correct in such situations, but it is hard to deny. I did grow up in a
> second rate nation and I will do whatever I can to slow down the
> adversaries. How about you, folks?  It is gut check time and I hope you
> will take the chance at intervention.

Remember, this is an open and global forum.  Many on this forum may not
be on your side.

The problem of going out and solving these problems is a bit complex
today.  For example, I am pretty certian I could stop the Red Code virus
in its tracks without much effort - a half a day with a skilled Windows
programmer would probably do it - the problem is that the techniques
available for doing this are violations of law - so I would have to do
it covertly and at personal risk of prosecution.  I know that you could
try to claim necessity in court, but I don't have time for that and I
doubt if Red Code will get to the level where we need to use these
techniques against it.

We are about to abandon our counter-staganography research because of
the DMCA - which basically makes it illegal to crack the codes used by
the bad guys (you cannot create a mechanism that bypasses an effective
security measure that protects copyright material - allmost all material
is effectively copyright when you write it down or put it in a computer
- so digital forensics is now a very dubious field to be in).

The sad truth is that the government continues to restrict my ability to
legally do research and most everything I can do that actually has
large-scale effect is highly dubious from a legal standpoint.  This does
not stop the bad guys from doing it - when steganalysis is illegal, only
criminals will do steganalysis - when forensics is illegal, only
criminals will do forensics - that's where it's going.

Enough ranting - back to iwar...

FC
--This communication is confidential to the parties it is intended to serve--
Fred Cohen		Fred Cohen & Associates.........tel/fax:925-454-0171
fc@all.net		The University of New Haven.....http://www.unhca.com/
http://all.net/		Sandia National Laboratories....tel:925-294-2087

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Small business owners...
Tell us what you think!
http://us.click.yahoo.com/vO1FAB/txzCAA/ySSFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:38 PDT