From: Phillip Hallam-Baker <hallam@ai.mit.edu>
To: "'Adam Back'" <aba@dcs.ex.ac.uk>
Message Hash: de8e42a8514a80890ae6e21d981c1229892f254150e0a4e49a3323585f98f537
Message ID: <01BCCDCD.6D549220.hallam@ai.mit.edu>
Reply To: N/A
UTC Datetime: 1997-09-30 22:38:10 UTC
Raw Date: Wed, 1 Oct 1997 06:38:10 +0800
Subject: RE: engineering infowar disasters (was Re: How the FBI/NSA forces can further twist SAFE)
>It really depends how the engineered "infowar disaster" is presented
>in the press, ranging from say:
> Dr Adam Back, a computer security researcher at Exeter
> University highlighted a fundamental weakness in DNS security
> which he demonstrates can be easily exploited. "This is
> entirely avoidable", said Back, "the only reason that global
> infrastructure is left vulnerable, is that the wire-tapping
> extremists and intelligence special groups are being allowed
> to jeopardise national security to protect their jobs in their
> now redundant function in a post-cold war era."
Unfortunately I don't think the above is true.
The secure DNS specs have been circulating in a serious way for
about three years. The main impediment to implementing them has
been the time taken to completely rewrite the existing BIND code
to make it work. Unfortunately the design of DNS does not encourage
good coding practice. The easy way to implement is to send out your
request independently of processing the reply.
One might possibly argue that the D-H patent has held matters
up or that the FBI has generally intimidated people. I don't think
this is actually the case however. Certainly Jeff Schiller, the IETF
security director, has not been intimidated; he has been handing out
PGP to all comers for some time.
    An anonymous cypherpunk took down half of the internet
    yesterday, with an estimated loss to business of $50 million.
    The cypherpunk hacker terrorist issued a manifesto claiming
    that his motives were to highlight insecurities in the DNS.
    Whether his motives were pure or not, the incident does
    highlight the vulnerabilities in our infrastructure, something
    infowar researchers have been arguing.
And which do you think is going to get published?
Declan might possibly put the second story in rather than the first
(but I would not count on it). But after his editor was finished with it
it would be more like the second.
>either one I can't see getting me or anyone else in trouble.
Not unless you or they get caught.
>The guy who wrote the SYN flood attack is none the worse for wear, it
>was released in a phrack article, and I don't think there was any
>secret as to who authored the software.
Some of the people who downloaded and used it are in big trouble
though.
>> I suspect I'm not the only person on the list who is responsible
>> for a service that is a regular hacker target. If I catch someone I
>> really don't care what the motive for the attack was. I'm going to
>> look to make that person serve jail time.
>Your argument seems to be that if you legislate against OS bugs, that
>they will go away.
That is not what I said. And in any case you probably would not be
continuing the meme that reaction is useless if you knew the origin.
All O/S inevitably have bugs. There is nothing that can be done about
this in most cases. Many vendors simply don't give a hoot about
fixing bugs. Two years ago Sun delivered a machine to me with a
version of the O/S that didn't recognize the sound or video card. That
was a standard package, completely current O/S and broken out of
the box. Didn't strike them as the wrong approach. Nothing I could do
but never buy from them again.
If there is a bug in the O/S and the manufacturer is not interested in
fixing it my *only* recourse may be to persecute the perpetrator of
an attack.
That is not my FIRST choice, but it is a choice.
Also most of my systems are designed to give warning long before
an attack succeeds. I don't trust the clowns who put UNIX together
all that much. If there is an attack I want to know as soon as possible
and respond by removing the threat as soon as possible.
I'm not complacent enough to put my trust in the O/S.
>I would point out that the hackers who change your web page, or
>exploit OS bugs you haven't applied patches for, and send you taunting
>messages telling what's wrong with your setup, are probably doing you
>a service.
If I want such a service I will ask.
I built a burglar alarm into the system. If it goes off I assume that
someone is robbing the bank. I don't care what their motives are
or were; even if they are able to prove them, they can tell them to
the judge, I am simply not interested.
If someone sets off the alarm it costs real money to react. Probably
in the tens of thousands of dollars.
> If you have something of real value to secure, you'd
>rather know about it from a few harmless hackers, than an industrial
>spy who takes the farm, and covers up his tracks so well that you
>don't even notice.
At present there aren't any secrets on the machine (with the exception
of some heavily encrypted signature keys). In fact the purpose is to
distribute information. All the logs could be obtained under FOIA in
any case.
The sole concern in the risk model is reputation capital. If the machine
is compromised it is front page news. I want to ensure that does not
happen. I am simply giving fair notice that I do not consider any attack
'friendly' and that I will react with the maximum force available to me.
I have good reasons for this policy and they have nothing to do with
complacency.
Phill