Every truly meaningful resource of shared knowledge we use - public blacklists, CVE, open source tools - none of them came about due to a law mandating them.
Swift coordination between companies to respond to new threats is a technical problem and not a legal problem. The incentive to share is there, and sharing systems are getting better over time without government "help". I welcome any information sharing from the government but I don't trust any mandate stating the government is entitled to your information if you (or a company you use) got compromised.

-a

On Tue, Apr 17, 2012 at 1:34 PM, Dave Aitel <[email protected]> wrote:

> So votes are coming up for CISPA
> <http://en.wikipedia.org/wiki/Cyber_Intelligence_Sharing_and_Protection_Act>
> and I think it's a good time to look into the state of the "Cyber Politico
> Arena". In other words, Lieberman had a bill that actually SOLVED A
> PROBLEM. It was focused on critical infrastructure protection, gave DHS the
> ball, and told everyone to help them run with it.
>
> That said, it was one of those "immensely expensive" things, and people
> don't really have much faith in DHS to carry technical balls around, so it
> failed completely. Probably also worth mentioning that the Republicans are
> going to vote on an administration bill only at gunpoint this year. McCain
> in particular took a bee in his bonnet about how it didn't give the NSA
> enough power.
>
> Now we're left with CISPA, which is essentially Microsoft MAPP
> <http://www.microsoft.com/security/msrc/collaboration/mapp.aspx> for the
> US Government. That's it. It's pretty simple, and the reason
> Symantec dropped their Huawei partnership
> <http://www.nytimes.com/2012/03/27/technology/symantec-dissolves-alliance-with-huawei-of-china.html>.
> There are some interesting clauses in it relating to the government being
> able to give US Companies information about ongoing attacks even
> disregarding clearance requirements it seems. But overall, it's
> "DNI <http://twitter.com/#%21/daveaitel/statuses/165260367323336704> - please
> go set up MAPP for us!" and that's it.
>
> It goes both directions of course - the US Government will also be able to
> take in information, and this probably includes information about US
> Citizens and network traffic. It gets trickier here to figure out what will
> and won't be allowed, but the general theme is "The Chinese and Russians
> are owning every company - and we have information that can help, so let's
> coordinate on that."
>
> But they're selling it terribly. It's not SOPA. ACTA
> <http://en.wikipedia.org/wiki/Anti-Counterfeiting_Trade_Agreement> is much
> more like SOPA - and it's interesting that Hilary Rosen
> <http://www.washingtonpost.com/blogs/the-fix/post/who-is-hilary-rosen/2012/04/12/gIQA2zFHDT_blog.html>
> (who was the RIAA CEO when they were suing kids and trying to shut down
> Napster) is in the news for controversy as a democratic strategist, but
> it's not controversial how close the Obama administration is to the RIAA
> and MPAA. There's an opening here team Romney if they decide to go for
> "digital rights" among the demographic that shares files (aka, everyone
> under 30).
>
> -dave
>
> --
> INFILTRATE - the world's best offensive information security conference.
> April 2013 in Miami Beach
> www.infiltratecon.com
>
> _______________________________________________
> Dailydave mailing list
> [email protected]
> https://lists.immunityinc.com/mailman/listinfo/dailydave

--
_________________________________
Note to self: Pillage BEFORE burning.
