FDA analogy is really far from Cyber and intellectual nature of its
elements. better use FCC business, yes?
see here:
https://apps.fcc.gov/kdb/GetAttachment.html?id=1UiSJRK869RsyQddPi5hpw%3D%3D&desc=594280%20D02%20U-NII%20Device%20Security%20v01r02&tracking_number=39498
so it would seem legally questionable to turn a wifi chip into monitor
mode (your simple daily sniffer) or "engineer" better RF coverage in
MIMO-mode of a recent AP firmware with home-cooked tricks on chip's
luxury beam-forming features (say, your restless sleepless night-time
games).
is the example going to factually change how the game is played on the
mentioned 5 GHz targets? not really.
i have strong objections on calling whole infosec spectrum an "industry",
as if folks are in it with same terms and intentions. "regulating
away the threat" is how allied nations tried to handle the dual-use tech
for example on CW or even nuclear issues, apparently by a couple of
agreements. does it work, really? i do know that it doesn't. i
recommend this for a thorough reading:
https://mitpress.mit.edu/books/innovation-dual-use-and-security
-dp
On 2015-09-13 17:07, Moses Hernandez wrote:
Being in Vendor land right now, I'll keep my comments brief, because they
are just that, my comments from just me.
On the subject of regulation however, I just want to be clear. I was, and
to an extent, still am in the camp of 'regulation'. I know that the
Wassenaar arrangement was far from what I had in mind. The proposed
legislation was rather sickening. When I think of maturity in our field, or
even just playing in the big leagues, I try and think of what other
professions look like.
Just for a moment, suspend belief and think about the basic mechanism of
getting from onto our tables. For us Americans on the list, let's just
consider the FDA. Consumers want to have confidence in the product that
they are buying. They want to know that the Blue Bell Ice Cream they are
consuming is going to be maybe not as good as Cherry Garcia
(http://www.benjerry.com/flavors/cherry-garcia-ice-cream), but still edible,
one would hope:
http://www.fda.gov/Food/RecallsOutbreaksEmergencies/Outbreaks/ucm438104.htm
Interesting story found here:
(http://www.marketplace.org/topics/health-care/who-pays-new-fda-food-safety-rules)
which claims:
"Federal officials put the cost of compliance at about $380 million for
an industry that generates about $1.1 trillion in retail food sales."
Confidence breeds markets to grow in a sustainable way, or at a minimum
just grow. But of course, Wassenaar-like regulatory changes, could always
happen in the Food industry, even if all we want is to be not poisoned, and
for things like this you have associations. This is where our industry,
probably lacks a bit of guidance, but stroll through any state capital and
you will see these types of association buildings:
(http://www.ffva.com/).
Even though we can understand why this would be important in the age of
say, Wassenaar, what does this have to do with vendors and their attempts to
shut down research? I think what we need to understand as an industry is
that just like the car manufacturers from time to time will take an
actuarial approach to safety and try and avoid correcting issues, we may
find the same in our lines of work. Safety, maybe even, regulatory style
safety, will eventually happen. It's just the way we have to mature. We
probably will not see it for some time until there is a sudden event that
forces it, because our trajectory of growing the software segments and our
industry will really slow.
But then again, confidence breeds growth in markets, so who is going to buy
the car with the lowest safety rating? And who will buy the food that will
poison them the most?[1]
[1] we do.
(http://www.nbcnews.com/id/11992264/ns/health-fitness/t/should-you-defrost-your-diet/)
On Fri, Sep 11, 2015 at 9:27 AM, Dave Aitel <[email protected]> wrote:
The real question in security is always how to play Poker against an
opponent who can see all your cards.
http://www.forbes.com/sites/thomasbrewster/2015/09/10/fireeye-slammed-over-injunction/
https://lists.immunityinc.com/pipermail/dailydave/2013-March/000353.html
In a way our "IP" laws have confused a lot of us about security. What if
NOBODY TALKED ABOUT OUR WEAKNESSES BECAUSE IT WAS ILLEGAL, the
management teams say. This, of course, directly relates to the
"regulation is GOING to happen" Wassenaar crowd because it's the exact
same fundamental psychology at work. "We're going to regulate away the
threat" is as useless as saying "hackers won't buy our boxes to find out
how to bypass our defenses".
-dave
_______________________________________________
Dailydave mailing list
[email protected]
https://lists.immunityinc.com/mailman/listinfo/dailydave