[Dailydave] FireEye is sad.
darkpassenger at unseen.is
Wed Sep 16 13:32:26 EDT 2015
FDA analogy is really far from Cyber and intellectual nature of its
elements . better use FCC business, yes ?
see here :
so it would seem legally questionable to turn a wifi chip into monitor
mode (your simple daily sniffer) or "engineer" better RF coverage in
MIMO-mode of a recent AP firmware with home-cooked tricks on chip's
luxury beam-forming features ( say , your restless sleepless night-time
games ) .
is the example going to factually change how the game is played on the
mentioned 5 Ghz targets ? not really .
i have strong objections on calling whole infosec spectrum an "industry"
, as if folks are in it with same terms and intentions . "regulating
away the threat" is how allied nations tried to handle the dual-use tech
for example on CW or even nuclear issues , apparently by a couple of
agreements . does it work , really? i do know that it doesnt . i
recommend this for a through reading :
On 2015-09-13 17:07, Moses Hernandez wrote:
> Being in Vendor land right now, I'll keep my comments brief, because
> are just that my comments from just me.
> On the subject of regulation however, I just want to be clear. I was,
> to an extend, still am in the camp of 'regulation'. I know that the
> Wassenaar arrangement was far from what I had in mind. The proposed
> legislation was rather sickening. When I think of maturity in our
> field, or
> even just playing in the big leagues, I try and think of what other
> professions look like.
> Just for a moment, suspend belief and think about the basic mechanism
> getting from onto our tables. For us Americans on the list, lets just
> consider the FDA. Consumers want to have confidence in the product that
> they are buying. They want to know that the Blue Bell Ice Cream they
> consuming is going to be maybe not as good as Cherry Garcia(
> http://www.benjerry.com/flavors/cherry-garcia-ice-cream), but still
> one would hope:
> Interesting story found here: (
> which claims:
> "Federal officials put the cost of compliance at about $380 million
> an industry that generates about $1.1 trillion in retail food sales."
> Confidence breeds markets to grow in a sustainable way, or at a minimum
> just grow. But of course, Wassenar-like regulatory changes, could
> happen in the Food industry, even if all we want is to be not poisoned,
> for things like this you have associations. This is where our industry,
> probably lacks a bit of guidance, but stroll through any state capital
> you will see these types of association buildings:
> Even though we can understand why this would be important in the age of
> say, Wassanar, what does this have to do with vendors and their
> attempts to
> shutdown research? I think what we need to understand as an industry is
> that just like the car manufacturers from time to time will take an
> actuarial approach to safety and try and avoid correcting issues, we
> find the same in our lines of work. Safety, maybe even, regulatory
> safety, will eventually happen. It's just the way we have to mature. We
> probably will not see if some time until there is a sudden event that
> forces is, because our trajectory of growing the software segments and
> industry will really slow.
> But then again, confidence breeds growth in markets, so who is going to
> the car with the lowest safety rating? And who will buy the food that
> poison them the most?
>  we do. (
> On Fri, Sep 11, 2015 at 9:27 AM, Dave Aitel <dave at immunityinc.com>
>> The real question in security is always how to play Poker against an
>> opponent who can see all your cards.
>> In a way our "IP" laws have confused a lot of us about security. What
>> NOBODY TALKED ABOUT OUR WEAKNESSES BECAUSE IT WAS ILLEGAL, the
>> management teams say. This, of course, directly relates to the
>> "regulation is GOING to happen" Wassenaar crowd because it's the exact
>> same fundamental psychology at work. "We're going to regulate away the
>> threat" is as useless as saying "hackers won't buy our boxes to find
>> how to bypass our defenses".
>> Dailydave mailing list
>> Dailydave at lists.immunityinc.com
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
More information about the Dailydave