[Dailydave] FireEye is sad.
Darkpassenger
darkpassenger at unseen.is
Wed Sep 16 13:32:26 EDT 2015
FDA analogy is really far from Cyber and intellectual nature of its
elements. better use FCC business, yes?
see here:
https://apps.fcc.gov/kdb/GetAttachment.html?id=1UiSJRK869RsyQddPi5hpw%3D%3D&desc=594280%20D02%20U-NII%20Device%20Security%20v01r02&tracking_number=39498
so it would seem legally questionable to turn a wifi chip into monitor
mode (your simple daily sniffer) or "engineer" better RF coverage in
MIMO-mode of a recent AP firmware with home-cooked tricks on chip's
luxury beam-forming features (say, your restless sleepless night-time
games).
is the example going to factually change how the game is played on the
mentioned 5 GHz targets? not really.
i have strong objections on calling whole infosec spectrum an "industry",
as if folks are in it with same terms and intentions. "regulating
away the threat" is how allied nations tried to handle the dual-use tech
for example on CW or even nuclear issues, apparently by a couple of
agreements. does it work, really? i do know that it doesn't. i
recommend this for a thorough reading:
https://mitpress.mit.edu/books/innovation-dual-use-and-security
-dp
On 2015-09-13 17:07, Moses Hernandez wrote:
> Being in Vendor land right now, I'll keep my comments brief, because
> they are just that my comments from just me.
>
> On the subject of regulation however, I just want to be clear. I was,
> and to an extent, still am in the camp of 'regulation'. I know that
> the Wassenaar arrangement was far from what I had in mind. The
> proposed legislation was rather sickening. When I think of maturity in
> our field, or even just playing in the big leagues, I try and think of
> what other professions look like.
>
> Just for a moment, suspend belief and think about the basic mechanism
> of getting from onto our tables. For us Americans on the list, let's
> just consider the FDA. Consumers want to have confidence in the
> product that they are buying. They want to know that the Blue Bell Ice
> Cream they are consuming is going to be maybe not as good as Cherry
> Garcia (http://www.benjerry.com/flavors/cherry-garcia-ice-cream), but
> still edible, one would hope:
>
> http://www.fda.gov/Food/RecallsOutbreaksEmergencies/Outbreaks/ucm438104.htm
>
> Interesting story found here: (
> http://www.marketplace.org/topics/health-care/who-pays-new-fda-food-safety-rules)
> which claims:
>
> "Federal officials put the cost of compliance at about $380 million
> for an industry that generates about $1.1 trillion in retail food
> sales."
>
> Confidence breeds markets to grow in a sustainable way, or at a minimum
> just grow. But of course, Wassenaar-like regulatory changes could
> always happen in the Food industry, even if all we want is to be not
> poisoned, and for things like this you have associations. This is
> where our industry probably lacks a bit of guidance, but stroll
> through any state capital and you will see these types of association
> buildings: (http://www.ffva.com/).
>
> Even though we can understand why this would be important in the age of
> say, Wassenaar, what does this have to do with vendors and their
> attempts to shut down research? I think what we need to understand as
> an industry is that just like the car manufacturers from time to time
> will take an actuarial approach to safety and try and avoid correcting
> issues, we may find the same in our lines of work. Safety, maybe even
> regulatory style safety, will eventually happen. It's just the way we
> have to mature. We probably will not see it for some time until there
> is a sudden event that forces it, because our trajectory of growing
> the software segments and our industry will really slow.
>
> But then again, confidence breeds growth in markets, so who is going to
> buy the car with the lowest safety rating? And who will buy the food
> that will poison them the most?[1]
>
>
> [1] we do. (
> http://www.nbcnews.com/id/11992264/ns/health-fitness/t/should-you-defrost-your-diet/
> )
>
>
> On Fri, Sep 11, 2015 at 9:27 AM, Dave Aitel <dave at immunityinc.com> wrote:
>
>> The real question in security is always how to play Poker against an
>> opponent who can see all your cards.
>>
>>
>> http://www.forbes.com/sites/thomasbrewster/2015/09/10/fireeye-slammed-over-injunction/
>> https://lists.immunityinc.com/pipermail/dailydave/2013-March/000353.html
>>
>> In a way our "IP" laws have confused a lot of us about security. What
>> if NOBODY TALKED ABOUT OUR WEAKNESSES BECAUSE IT WAS ILLEGAL, the
>> management teams say. This, of course, directly relates to the
>> "regulation is GOING to happen" Wassenaar crowd because it's the exact
>> same fundamental psychology at work. "We're going to regulate away the
>> threat" is as useless as saying "hackers won't buy our boxes to find
>> out how to bypass our defenses".
>>
>> -dave
>>
>>
>>
>> _______________________________________________
>> Dailydave mailing list
>> Dailydave at lists.immunityinc.com
>> https://lists.immunityinc.com/mailman/listinfo/dailydave
>>
>>