[Dailydave] Semi-anonymized moderation.

Mon Jan 28 14:05:17 EST 2008

> On 1/28/08, Kowsik <kowsik at gmail.com> wrote:
> After 5+ years of stopping this, stopping that, writing anti-malware,
> anti-dos, anti-backdoors, anti-vulnerablities, anti-scanners,
> anti-spoofing, anti-this and anti-that, it pretty much came down to
> "ENOUGH ALREADY!", for me.
> 
> Being reactive just ain't fun. It gets pretty damn tiring after a
> while when for ever rule the ID/PS has, there are like a million
> exceptions on the network. No, I'm not just talking about evasions and
> obfuscations. One small step for the attacker, one impossible jump for
> the rest - especially with the current approach.
> 
> This is not a dig on specific products or how they work. They do what
> they are intended to do reasonably well. However, the problem they all
> set out to solve is inherently intractable.

As my colleague would say, it's a "security-complete" problem.

(No, there is no formal definition for a security-complete class of
problems.  A problem just automagically becomes security-complete when
you reach that "ENOUGH ALREADY" stage and feel like smashing all
computing devices in a 10 block radius.)

Besides being a meaningless novelty term used to cop-out of hard
problems, we can at least make vague, swiss-cheese analogies and compare
it to a similar class of problems: NP-complete.  We don't give up
NP-complete problems because they lack a polynomial-time solution;
instead, we develop practical algorithms that provide approximate
solutions.  You can see where this is going...

Regards,
Jon Oberheide

-- 
Jon Oberheide <jon at oberheide.org>
GnuPG Key: 1024D/F47C17FE
Fingerprint: B716 DA66 8173 6EDD 28F6  F184 5842 1C89 F47C 17FE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.immunitysec.com/pipermail/dailydave/attachments/20080128/a7f7dfc1/attachment.pgp 