[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: [IP] more on well worth reading djf Computer network security: "Symbiot on the Rules of Engagement"
Delivered-To: dfarber+@ux13.sp.cs.cmu.edu Date: Thu, 11 Mar 2004 12:38:37 -0500 From: L Jean Camp <jean_camp@harvard.edu> Subject: Re: [IP] well worth reading djf Computer network security: "Symbiot on the Rules of Engagement" To: dave@farber.net Cc: andyo@oreilly.comIncreasing the risk of that group of people least able to manage risk is not now and never has been effective policy. However, it has been known to provide strong validating emotional public responses.
Symbiot: There is always the possibility of collateral damage.
I believe that this is the first time US citizens have been referred to as "collateral damage". I never liked the phrase, and I like it less now that is applies to my mom.
Yet this phrase is as illustrative as it is unattractive. In fact, blackmail is the apparent Symbiot business model. If you are not a Symbiot user and are successfully subverted by an attacker, then the collected Symbiot users will attack you en masse, purposefully causing additional harm to your already damaged network. I presume the only certain way to forever stay off their "risk" list is to pay for their services. Otherwise someone would point two symbiots at each other, and watch their risk numbers rise. This does not sound like a posse, this sounds like the mob.
He notes that they have a database of "intent". This is either personal fantasy or known lie. How do they determine the intent of a machine? How do they distinguish between an untrustworthy machine and a machine owned by an attacker? How do they distinguish a thief from a sociopath?
Up to this point, home users can see their machines subverted because of bugs in code that they have paid for, not be notified of the problem by the ISP which the customer also pays, and be at the mercy of a technically empowered hacker. Now such users will be subject to the Symbiot response. He declares that such a user is no longer innocent. Indeed, I was unaware that a corporation had the right to declare guilt and innocence across jurisdictions. This is at best a rather new development in international law, not standard operating procedure as he implies.
I sincerely hope that the first legitimate American business or person hit by Symbiot institutes a RICO action. Symbiot is instituting a pattern of criminal behavior directed against those individuals who have proven their inability to protect themselves under the current market configuration.
Here is a radical alternative - ISPs and software vendors take responsibility for the harm and vulnerabilities of end users and be required as part of business services to assist users in identification and response to the subversions of home machines.
-Jean ------------------------------------- To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC