[Dailydave] CISPA == MAPP

allison nixon elsakoo at gmail.com
Tue Apr 17 14:16:59 EDT 2012


Every truly meaningful resource of shared knowledge we use - public
blacklists, CVE, open source tools - none of them came about due to a law
mandating them.

Swift coordination between companies to respond to new threats is a
technical problem and not a legal problem. The incentive to share is there,
and sharing systems are getting better over time without government "help".

I welcome any information sharing from the government but I don't trust any
mandate stating the government is entitled to your information if you (or a
company you use) got compromised.

-a

On Tue, Apr 17, 2012 at 1:34 PM, Dave Aitel <dave at immunityinc.com> wrote:

> So votes are coming up for CISPA <http://en.wikipedia.org/wiki/Cyber_Intelligence_Sharing_and_Protection_Act> and I think it's a good time to look into the state of the "Cyber Politico
> Arena". In other words, Lieberman had a bill that actually SOLVED A
> PROBLEM. It was focused on critical infrastructure protection, gave DHS the
> ball, and told everyone to help them run with it.
>
> That said, it was one of those "immensely expensive" things, and people
> don't really have much faith in DHS to carry technical balls around, so it
> failed completely. Probably also worth mentioning that the Republicans are
> going to vote on an administration bill only at gunpoint this year. McCain
> in particular took a bee in his bonnet about how it didn't give the NSA
> enough power.
>
> Now we're left with CISPA, which is essentially Microsoft MAPP <http://www.microsoft.com/security/msrc/collaboration/mapp.aspx> for the US Government. That's it. It's pretty simple, and the reason
> Symantec dropped their Huawei partnership <http://www.nytimes.com/2012/03/27/technology/symantec-dissolves-alliance-with-huawei-of-china.html>.
> There are some interesting clauses in it relating to the government being
> able to give US Companies information about ongoing attacks even
> disregarding clearance requirements it seems. But overall, it's "DNI <http://twitter.com/#%21/daveaitel/statuses/165260367323336704> - please go set up MAPP for us!" and that's it.
>
> It goes both directions of course - the US Government will also be able to
> take in information, and this probably includes information about US
> Citizens and network traffic. It gets trickier here to figure out what will
> and won't be allowed, but the general theme is "The Chinese and Russians
> are owning every company - and we have information that can help, so let's
> coordinate on that."
>
> But they're selling it terribly. It's not SOPA. ACTA <http://en.wikipedia.org/wiki/Anti-Counterfeiting_Trade_Agreement> is much more like SOPA - and it's interesting that Hilary
> Rosen <http://www.washingtonpost.com/blogs/the-fix/post/who-is-hilary-rosen/2012/04/12/gIQA2zFHDT_blog.html> (who was the RIAA CEO when they were suing kids and trying to shut down
> Napster) is in the news for controversy as a democratic strategist, but
> it's not controversial how close the Obama administration is to the RIAA
> and MPAA. There's an opening here team Romney if they decide to go for
> "digital rights" among the demographic that shares files (aka, everyone
> under 30).
>
> -dave
>
>
>
>
> --
> INFILTRATE - the world's best offensive information security conference.
> April 2013 in Miami Beach www.infiltratecon.com


-- 
_________________________________
Note to self: Pillage BEFORE burning.